Preface


This  National  Institute  of  Standards  and  Technology  Interagency  Report  (NISTIR) 
presents  a risk  assessment  methodology  developed  by  the  U.S.  Department  of 
Energy. This NISTIR contains Volume I: DOE Risk Assessment Guideline
Instructions, Resource Table, and Completed Sample and Volume II: DOE Risk
Assessment  Worksheets.  The  glossary  and  bibliography  which  are  referenced  in 
the  text  follow  Volume  II.  Although  there  are  references  to  a diskette  in  the 
text,  no  diskette  has  been  reproduced  for  distribution  with  this  NISTIR. 

The  National  Institute  of  Standards  and  Technology  (NIST)  makes  no  claim  or 
endorsement  of  this  methodology.  However,  as  this  material  may  be  of  use  to 
other  organizations,  the  report  is  being  reprinted  by  NIST  to  make  it  publicly 
available  and  to  provide  for  broad  dissemination  of  this  federally  sponsored 
work.  This  publication  is  part  of  a continuing  NIST  effort  to  assist  federal 
agencies  in  accordance  with  NIST’s  mandate  under  the  Computer  Security  Act  of 
1987. 

NIST  expresses  its  appreciation  to  the  U.S.  Department  of  Energy  for  their 
permission  to  publish  this  report. 

Questions  regarding  this  publication  should  be  addressed  to  the  Associate 
Director  for  Computer  Security,  National  Computer  Systems  Laboratory,  Building 
225,  Room  B154,  National  Institute  of  Standards  and  Technology,  Gaithersburg, 
MD,  20899. 

Additional copies of this publication may be purchased through the National
Technical Information Service, Springfield, VA, 22161, telephone: (703) 487-4650.
INTRODUCTION


1. BACKGROUND

The DOE Risk Assessment Instructions, Resource Tables, and
Completed Sample -- A Structured Approach is the result of a joint
program sponsored by the Department of Energy's (DOE) Office of
ADP Management (MA-24) and the Computer and Technical Security
Branch (DP-343.2). It was developed for the Department under
contract by Booz, Allen & Hamilton Inc. The program grew out of a
concern shared by both the Unclassified and Classified Computer
Security Programs at DOE that the risk assessment process needed
to be simplified and streamlined in order to allow ADP managers
and end users to quickly understand and accomplish risk
assessments in a more effective and expeditious fashion. The
Guideline provides DOE with a systematic approach. There is
documentation for each step performed as well as Executive Summary
pages from which management can make cost-effective decisions on
safeguard initiatives.

The need to develop such an approach was given impetus with
the publication of OMB Circular A-130, "Management of Federal
Information Resources," which placed additional emphasis on
conducting risk assessments of all types of Government computer
systems. Appendix III of A-130 underscored that such assessments
are to provide the basis for making informed management decisions
related to accepting identified risks or for implementing
appropriate cost-effective countermeasures. It also allowed for
varied approaches to fulfill the risk assessment requirement:
risk assessments may vary from "an informal review of a
microcomputer installation to a formal, fully quantified risk
analysis of a large scale computer system."

The Department's 1988 publication of DOE Order 1360.2A,
Unclassified Computer Security Program, and DOE Order 5637.1,
Classified Computer Security Program, also reflect the need to use
the risk assessment process as an effective management tool for
properly allocating security resources. In fact, the DOE
Unclassified Computer Security Program urges those conducting risk
assessments to carefully select the risk assessment approach that
is best suited to their particular needs: "When used
inappropriately (i.e., selecting an inappropriate methodology just
to satisfy a general policy requirement), risk assessments can be
costly and ineffective for all involved."* The use of a
structured approach can expedite the risk assessment process.

The use of this Risk Assessment Guideline is not mandatory.
It has proven to be an effective tool through DOE field tests and
will be matured as user experience is gained.


*Department of Energy, "FY 1990 - FY 1994 Information Technology
Resources Long Range Plan," p. 5.3-1.
2. OBJECTIVES OF THE GUIDELINE


The  concept  for  the  Guideline  was  developed  after  a thorough 
review  of  current  approaches  to  and  views  on  risk  assessment  was 
completed.  Security  professionals  in  both  Government  and 
commercial  circles  were  interviewed  to  identify  what  "worked"  and 
what  didn't  "work"  with  respect  to  risk  assessment.  Consensus 
among  the  interviewees  was  strong  that  risk  assessment  was  NOT 
beneficial  if  it  was: 

• Excessively detailed and lengthy -- making it a paper
  exercise rather than a beneficial management and security
  awareness process

• Overly quantitative in approach, thus resulting in an
  end-product that is difficult to interpret (if not
  useless)

• Not oriented towards the true "bottom-line": "What is it
  going to cost to fix the problems identified?"

A thorough review of the DOE's computer security culture,
environment, and unique ADP applications was also undertaken.
Again, views regarding the utility of risk assessment underscored
many of the same concerns as were expressed above. Risk
assessment had become a paper process divorced from the management
decision-making process with which it must be integrated in order
to achieve accountability for accepting a system's current risk
profile and/or for allocating additional security resources.

Discussions and correspondence with several DOE computer
security professionals indicated other areas of the risk
assessment process were of concern. There was an indication that
it was difficult to determine the scope of a risk assessment and
the necessary amount of documentation was undefined. Some aspects
of cost evaluation that related to intangible or subjective assets
were difficult to perform.

Upon  completion  of  the  community  wide  interviews  and  DOE 
survey  and  review,  a set  of  comprehensive  objectives  were 
established  for  the  Guideline.  The  Guideline  should  be: 

• Simple to understand and use

• Generally consistent with and useful for both
  unclassified and classified environments

• Cost-effective

• Self-contained for ease of utilization

• Appropriate for use by most sites

• An information source

• Non-labor or time intensive for the user

• Capable of providing accountability

• Adaptable for use/integration with currently used risk
  assessment methodologies

• Flexibly structured to permit use of existing computer
  security documentation as input into the risk assessment
  framework

• Useful in providing assessments and recommendations of
  value to managers responsible for accepting risks or
  planning and funding computer security improvements.

The  approach  to  conducting  risk  assessments  presented  in  this 
Guideline  was  developed  with  these  objectives  firmly  in  mind.  The 
Guideline's  structured  approach  fully  meets  the  risk  assessment 
requirements  imposed  on  the  Department's  ADP  systems  by  Federal  and 
Department  computer  security  policy,  while  eliminating  numerous 
"wheel-spinning"  problem  areas  that  have  consistently  complicated 
risk  assessment  efforts  in  the  past. 

3.  ORGANIZATION  OF  THE  GUIDELINE 

The Guideline is organized into two major parts which are
divided into two separate volumes. Volume I, the main body of the
Guideline, includes general introductions and references. Volume I
also consists of instructions for Steps 1 through 6 and a completed
sample. Also included are a Bibliography, and a Glossary on 5 1/4"
floppy diskettes. Volume II consists of the Worksheets for each
step for completing the Guideline.

In order to effectively use the Guideline, working copies of
Volume II, the Worksheets and Executive Summary, need to be made.
Second, as you read Volume I instructions, open Volume II to the
appropriate worksheet. The worksheet copies are not included in
Volume I. Notice there are individual instructions for the
worksheets. A resource table is included with the instructions
where appropriate. This organization necessitates that both
volumes be open to the same step in the risk assessment process.
Table of Contents are in Volume I. The contents and purpose of
each of the Guideline's elements are as follows:

(1)  Volume  I of  the  Guideline: 

• INTRODUCTION: The introduction describes the Guideline's
  background, its underlying philosophy and objectives, and
  the mechanics involved in using the Guideline. It also
  provides general instructions for Guideline use.

• 6 STEP APPROACH: The 6 steps provide the structured
  approach for conducting the risk assessment. Each step
  has a particular area of concern; Worksheets provide the
  necessary data sets and an organized format to address
  each of the areas of concern. Exhibit 1 presents an
  overview of the 6 steps and their main area of concern.
  It also lists the worksheets and resources tables that are
  used to support each step. A detailed discussion of how
  the process works -- its mechanics -- is presented in
  Section 4 below.

• COMPLETED SAMPLE: The completed sample illustrates how
  the worksheets and Executive Summary are to be completed.
  A description of an ADP system/installation is provided,
  and then the Guideline's approach is used to conduct a
  risk assessment of this sample system/installation.

• ANNOTATED BIBLIOGRAPHY: The annotated bibliography,
  covering the period 1983 - 1988, consists of ten main
  topical sections on key areas of concern to those
  conducting risk assessments, from threat and
  vulnerability-related articles to literature on specific
  countermeasures for coping with various types of threats.
  Special interest sections on viruses and networks are also
  included. In addition, the bibliography contains
  references to numerous U.S. Government computer security
  guidance documents.

• GLOSSARY: The glossary provides a useful compendium of
  terms common to the risk assessment process. Three DOE
  sources were used as a starting point for developing the
  glossary. These were then edited to suit the needs of the
  Guideline and additional terms were added to ensure
  coverage of all key terms mentioned herein.

(2)  Volume  II  of  the  Guideline: 

• WORKSHEETS: The Worksheets provide the necessary
  documentation to complete the 6 STEP APPROACH as detailed
  in Volume I.

• EXECUTIVE SUMMARY: The Executive Summary is the final
  worksheet which provides a 6 page set of summary sheets
  for use in recording the results of each step of the risk
  assessment, and for obtaining management sign-off for the
  end-results and any resulting recommendations.

4. DESCRIPTION OF THE GUIDELINE'S MECHANICS

The Guideline provides a systematic, structured approach to the
various evaluations and decision making processes that comprise a
risk assessment. The intent is to provide an approach that allows
you -- whether your system is in an unclassified or classified
environment or whether it is a PC or large system -- to readily
identify and, wherever possible, have available in one package, all
information necessary to conduct a risk assessment. The risk
assessment provides for a "short form" and a "long form". The
"short form" is adequate for microcomputers, standalone systems,
and systems that process unclassified or sensitive information.
The "long form" is primarily used for evaluating large systems,
systems used primarily for classified processing, and network
systems.

Through use of the Guideline, a useful end-product (e.g., the
Executive Summary) results. Results are enhanced when the
knowledge of security professionals within the organization is
used. Further, the structure of the Guideline allows you to go
"off-line," if desired, and use a risk assessment tool that has
proven useful in the past, and to enter the results of these
"off-line" analyses on the appropriate section of the Guideline's
Executive Summary. The Guideline can be tailored for use in a
specific setting by allowing the assessor to conclude the
assessment at the end of Step 3 when further analysis is not deemed
necessary. Likewise, the Guideline allows the assessor to complete
the Executive Summary, and provide the necessary input for the risk
assessment process. Care should be taken while compiling and
storing the results of the risk assessment. These results will be
sensitive or classified since they address system specific threats
and vulnerabilities.

A series  of  informational  Resource  Tables  accompanies  each 
step.  The  Worksheets  are  organized  to  collect  specific  types  of 
information  needed  to  support  the  risk  assessment  process.  Their 
structure  is  simple  and  logical,  and  they  are  explained  by 
step-by-step  instructions  to  maximize  their  utility  and  minimize 
wheel-spinning.  The  Resource  Tables  provide  the  majority  of  data 
and  information  necessary  to  complete  the  Worksheets  for  each  type 
of  system  that  is  assessed.  Data  sets,  as  required,  were  also 
tailored  to  meet  DOE-specific  requirements. 

The contents of Volume II should be copied in their entirety. It
contains the Worksheets and Executive Summary sheets. Remember,
the guide may be used any number of times and Volume II must be
maintained. Also, there is a numbering system to help you quickly
identify how the Worksheets and Resource Tables are correlated.


[Figure: Numbering System for Worksheets and Resource Tables. Labels
shown: Worksheet (W), e.g., W1.1; Resource Table (RT), e.g., a Step 4
Resource Table.]
Also, there is a special graphic border in the right hand
margin to help identify the Worksheets.

[Figure: Worksheet border]

You  are  also  encouraged  to  draw  upon  existing  documentation 
to  augment  the  data  sets  that  are  provided  in  the  Guideline. 
Documents  of  potential  use  from  the  Unclassified  Computer 
Security  Program  include:  inventory  information  developed  for 
the  ADP  Long  Range  Plan,  the  Computer  Protection  Plan,  results  of 
compliance  and  management  reviews,  audit  reports,  incident 
reports, and certification documentation. Documentation from the
Classified Computer Security Program of potential use includes:
the Statement of Threat, Computer Security Plan, Long Range Plan,
System Test and Evaluation results, inspection results, and
accreditation documentation. The remainder of this section
provides additional detail on each of the 6 steps and their
inter-relationship. The overall decision making process involved
in using this approach is depicted in Exhibit 2 at the end of
this section.

(1)  STEP  1:  DEFINE  YOUR  SYSTEM.  The  purpose  of  Step  1 is  to 
produce  a general  definition  of  your  system  by  looking  at  several 
key  system  features:  composition,  connections,  size,  cost(s), 
and  back-ups.  First,  the  current  configuration  of  your  system  is 
established  to  ensure  that  you  have  fully  identified  all  major 
system  components  and  connections.  Use  of  a system  configuration 
diagram  provides  you  a visual  opportunity  to  record  and  review 
your  system's  current  configuration.  It  also  allows  you  to 
visualize  potential  vulnerabilities  that  may  exist  as  a result  of 
your  system's  connections  and  data  flows.  Second,  Step  1 helps 
you  in  developing  a general  cost  estimate  for  your  system  so  that 
you  are  able  to  appreciate  how  much  it  would  cost  to  replace  it 
in  its  entirety.  It  is  also  important  to  have  a general 
appreciation  for  the  cost  of  your  system  in  order  to  decide  which 
countermeasures,  if  any,  are  justified  based  on  the  cost  of  your 
system.  Step  1 also  reviews  the  type  of  software  and  data  used 
by  your  system,  with  the  objective  of  understanding  approximately 
how  much  labor  went  into  the  development  of  each  and  whether 
back-ups  are  available  and  necessary. 

The  end  products  from  Step  1 are:  (1)  A system  configuration 
diagram  which  depicts  your  system's  major  components  and 
connections,  (2)  a current  listing  of  your  system's  major 
components,  and  (3)  rough  cost  estimates  for  replacing  your 
system's  hardware,  software  and  data. 

(2) STEP 2: CHARACTERIZE YOUR SYSTEM, SOFTWARE, AND DATA. The
purpose of Step 2 is to characterize your total system in terms
of several key characteristics. Questions in two primary areas
are answered in this Step: (1) Does your system process any
classified information or sensitive unclassified information? If
so, what types/levels? Responses to these questions provide the
basis for selecting what type(s) of security precautions are
required for your system, software and data; and (2) How
important is your system, its operations, software and data to
its users and their organization? Responses to this second
question will help you determine the relative importance of the
system, software, and data, and provide the basis for determining
or validating your contingency planning needs.

The  end-products  produced  in  Step  2 are:  (1)  An  assessment 
of  the  relative  importance  of  your  system,  software,  and  data  to 
their  users  and  organization;  and  (2)  an  identification  of  what 
types of information you are processing (e.g., unclassified,
sensitive unclassified, or classified).

(3)  STEP  3:  REVIEW  BASELINE  SECURITY  REQUIREMENTS  (BLSRs)  AND 
IDENTIFY  THOSE  NOT  MET  OR  PARTIALLY  MET.  The  purpose  of  Step  3 
is  to  determine  whether  your  system's  hardware,  software,  and 
data  --  as  they  exist  today  in  their  current  operating 
environment  and  utilized  by  you  and  your  organization  --  meet  the 
minimum  Baseline  Security  Requirements  (BLSRs)  set  forth  in  all 
applicable DOE Orders. The Baseline Security Requirements as
used in this guideline encompass DOE Orders 1360.2A, 5637.1, and
all relevant guidelines, orders, laws, etc. In the previous step
you identified whether your system was involved in sensitive
unclassified or classified processing. In this step, you are
asked to review brief lists of security countermeasures (baseline
security requirements) that MUST be in place, per the applicable
DOE orders.

Step 3 will result in an assessment of your current security
profile in terms of: (1) whether you currently have met the
DOE's minimum baseline security requirements that apply to
sensitive unclassified and classified ADP processing; (2) a list
of any noted deficiencies that must be corrected; and (3) target
dates for correcting them. It also allows you to note any areas
where you desire to supplement the countermeasures currently
in-place if you feel it is justified based on Step 1 and Step 2
results.

Further, for the majority of small/simple systems (as defined
in Step 1 of this process), the Step 3 results provide an
adequate assessment of the current risks to your system.
Therefore,  Step  3 also  documents  the  decisions  made  to  accept  or 
upgrade  your  current  risk  profile,  and  provides  the  basis  for 
obtaining  management  sign-off  for  these  decisions.  For  these 
systems,  the  risk  assessment  process  is  complete. 

(4) STEP 4: REVIEW THREATS AND VULNERABILITIES AND IDENTIFY
ANY WHICH AFFECT YOUR SYSTEM. The purpose of Step 4 is to
conduct a more extensive review of the threats that might affect
your system's hardware, software and data through exploitation
of specific vulnerabilities in your system and its operating
environment. In this step, you are asked to record which
specific threats could impact your system due to existing
deficiencies in your security profile. Further, the Step also
addresses the probability that a given threat could arise at
your site or in your locality. (An uncomplicated probability
scheme is provided for your use in order to accomplish this.)
Finally, the Step also allows you to specify the priority in
which the identified threat(s) should be treated.

The end-products that result from Step 4 are: (1) a threat
and vulnerability analysis of your system, facility, and its
assets within its operating environment. It will also (2) allow
you to identify which of the applicable threats are: very
likely to occur, likely to occur, or unlikely to occur.
Finally, Step 4 will provide the basis for determining which
vulnerabilities should be corrected, and in what order, based on
the simple probabilities identified for threat occurrence.

(5)  STEP  5:  REVIEW  AND  SELECT  COUNTERMEASURES  OR  ACCEPT 
CURRENT  RISK  PROFILE.  The  purpose  of  Step  5 is  two-fold.  It 
provides  an  opportunity  to  review  available  countermeasures  in 
each  of  the  security  discipline  areas  and  decide  which  ones  are 
appropriate  for  implementation  to  counter  the  threat  impacts 
identified  in  Step  4.  However,  if  your  review  of  the  threat 
impacts  does  not  result  in  the  identification  of  any  new 
concerns,  and  confirms  that  your  security  program  fully  treats 
all  possible  threat  scenarios  for  your  system  and  site,  then 
Step  5 also  allows  you  to  acknowledge  this  by  accepting  your 
current  risk  profile. 

Step  5 results  in  (1)  a prioritized  list  of  countermeasures 
for  implementation  in  each  of  the  security  discipline  areas;  OR 
(2)  a formal  acceptance  of  your  current  risk  profile  made  based 
on  a documented  review  and  analysis  of  possible  threat  impacts 
to  your  system. 

(6) STEP 6: OBTAIN ACCOUNTABILITY: MANAGEMENT UNDERSTANDING OF
YOUR RISK PROFILE AND COUNTERMEASURES REQUIRED. Step 6 is the
last and final step in the risk assessment process. It is a
highly critical step, one that is often overlooked or neglected.
The purpose of Step 6 is to obtain management accountability for
the decisions and choices made throughout the risk assessment
process. It provides a mechanism for briefing, reviewing, and
discussing the risk assessment results with management and
planning resources required for implementing the countermeasures
identified.

The Executive Summary Block for Step 6, Obtain
Accountability: Management Understanding of Your Risk Profile
and Countermeasures Required, provides a sign-off area for
management to review the results of the risk assessment, and
accept the current risk profile. This sign-off is the final
end-product.

It  is  important  to  maintain  the  results  of  the  risk 
assessment  for  use  in  subsequent  assessments. 
[Exhibit 1, reconstructed from a damaged table; "..." marks text that
did not survive.]

Columns: STEPS / AREAS COVERED BY STEP / WORKSHEETS AND RESOURCE
TABLES FOR EACH STEP (WORKSHEET, RESOURCE TABLE)

1 DEFINE YOUR SYSTEM
   Areas covered: SYSTEM: ... CONNECTIONS, SIZE, COST(S);
   SOFTWARE AND DATA: ... BACK-UPS

... AND DATA
   Areas covered: DATA SENSITIVITY OR CLASSIFICATION; NUMBER OF
   USERS; FREQUENCY OF USE

REVIEW BASELINE SECURITY ... SUPPLEMENTAL UPGRADES IF DESIRED)
   Areas covered: ... PERSONNEL; INFORMATION; COMPUTER;
   COMMUNICATIONS; EMISSIONS; PROCEDURAL/ADMINISTRATIVE/MANAGEMENT;
   ENVIRONMENTAL/SAFETY
   Worksheets: REVIEW OF BASELINE SECURITY REQUIREMENTS (BLSRs) FOR
      W3.1a&b  PHYSICAL SECURITY
      W3.2     PERSONNEL SECURITY
      W3.3     INFORMATION SECURITY
      W3.4     COMMUNICATIONS SECURITY (COMSEC)
      W3.5     EMISSIONS SECURITY (TEMPEST)
      W3.6a&b  COMPUTER SECURITY
      ...      SECURITY AND SECURITY ...
      W3.8a&b  ENVIRONMENTAL SECURITY AND SAFETY
   Resource Table: MASTER LIST OF DOCUMENTS FOR BASELINE SECURITY
   REQUIREMENTS (BLSRs)

... THREATS AND VULNERABILITIES
   Areas covered: BY IMPACT: ... DESTRUCTION; DISCLOSURE; DAMAGE ...
   Worksheet: W4 THREAT AND VULNERABILITY REVIEW
   Resource Tables: THREAT AND VULNERABILITY GUIDANCE (BY ASSET)
      R4.1a&b  PHYSICAL (FACILITY)
      ...

... PROFILE
   Areas covered: COUNTERMEASURES BY SECURITY DISCIPLINE AND TYPE:
   EQUIPMENT OR PROCEDURAL ... TARGET DATE
   Worksheet: COUNTERMEASURES IDENTIFICATION AND RISK PROFILE
   ACCEPTANCE
   Resource Tables: R5.1 COUNTERMEASURES GUIDANCE
      R5.1a  PHYSICAL SECURITY
      R5.1b  PERSONNEL SECURITY
      R5.1c  INFORMATION SECURITY
      R5.1d  COMMUNICATIONS SECURITY
      R5.1e  EMISSIONS SECURITY (TEMPEST)
      R5.1f  COMPUTER SECURITY
      ...    AND SECURITY MANAGEMENT
      R5.1h  ENVIRONMENTAL SECURITY AND SAFETY
      R5.1i  GUIDANCE FOR DETERMINING COST(S) OF COUNTERMEASURES

OBTAIN MANAGEMENT REVIEW, PARTICIPATION AND ACCOUNTABILITY
   Areas covered: ACCEPTANCE OF RISK(S); COMMENTS/EXCEPTIONS;
   UPGRADES REQUIRED; BUDGET NEEDS; PLAN OF ACTION
   Worksheets: MANAGEMENT BRIEFING DEVELOPED USING THE EXECUTIVE
   SUMMARY; EXECUTIVE SUMMARY; SUPPORTING DOCUMENTATION


EXHIBIT 1

An Overview of the DOE's
Structured Approach to Risk Assessment
STEP 1

DEFINE YOUR SYSTEM


GENERAL PURPOSE OF STEP 1: The purpose of Step 1 is to develop a general definition
of your system. The definition is developed by looking at several key system
features: composition, connections, size, cost(s), and back-ups. First, the
current configuration of your system is established to ensure that you have fully
identified all system components and connections. Use of a diagram provides a visual
record of your current system configuration. It also allows you to visualize
potential vulnerabilities that may exist as a result of your system's connections
and data flows. Second, Step 1 helps you in developing a general cost estimate for
your system so that you are able to appreciate how much it would cost to replace it
in its entirety. It is also important to have a general appreciation for the cost
of your system in order to decide which, if any, countermeasures are justified based
on the cost of your system. Step 1 also reviews the type of software and data used
by your system, with the objective of understanding how much labor went into the
development of each and whether back-ups are available and necessary.

STEP 1 END-PRODUCTS: (1) A system configuration diagram which depicts your system's
major components and connections, (2) a current listing of your system's major
components, and (3) cost estimates for replacing your system's hardware, software
and data.

NOTE: It is important to realize that a site may facilitate multiple ADP systems.
Each system requires an individual risk assessment in order to accurately analyze
the existing state of each system.


IT IS RECOMMENDED THAT YOU REVIEW STEP 1 IN ITS ENTIRETY BEFORE STARTING. IF YOU
ALREADY HAVE INFORMATION THAT FULFILLS THE OBJECTIVES OF STEP 1, AND/OR PREFER TO
DEVELOP IT USING AN ALTERNATE RISK ASSESSMENT METHOD, YOU MAY PROCEED TO THE
EXECUTIVE SUMMARY AND COMPLETE THE BLOCK FOR STEP 1. BE SURE TO NOTE WHAT SOURCES
AND/OR METHODS WERE USED TO DEVELOP THIS INFORMATION. ATTACH COPIES OF ANY
SUPPORTING DOCUMENTATION TO ENSURE THAT THE INFORMATION ENTERED ON YOUR EXECUTIVE
SUMMARY IS FULLY SUPPORTED.


GETTING  STARTED 


1.  Make  copies  of  all  the  Worksheets  and  the  Executive  Summary  so  that  your 
originals  may  be  preserved  and  reused  for  subsequent  assessments:  a full  set  of  the 
Worksheets  and  the  5 page  Executive  Summary  are  located  in  Volume  II,  Worksheets  and 
Executive  Summary. 

2.  Open  to  your  copy  of  the  Executive  Summary  and  the  Step  1 Worksheets  in  Volume 
II  and  review  them.  (Step  1 Worksheets  are  located  at  the  Step  1 Worksheet  tab  in 
Volume  II.) 

3.  Resource  Tables  are  located  in  this  Chapter  following  the  appropriate 
instructions.  Spread  them  out  before  you  and  fully  familiarize  yourself  with  them. 

4.  Obtain  any  materials  that  already  exist  which  may  be  helpful  in  completing  Step 
1 and  which  might  also  be  used  as  supporting  documentation  for  attachment  to  the  ■* 
Executive  Sumiriary.  Helpful  materials  include: 

Basic system configuration diagram depicting system components and
interfaces: Possible sources include your Computer Protection Plan, Computer
Security Plan, accreditation or certification documentation, configuration
management plans, system diagrams, and your organization's computer support
group.


Existing inventories: Possible sources include your Computer Protection
Plan, Computer Security Plan, accreditation or certification documentation,
and/or inputs developed for the ADP Long Range Plan or the Computer Security
Long Range Plan.


General cost information: Possible sources include computer catalogs and
advertisements, procurement organizations, and vendor price lists. Your
organization's computer support group can also provide general cost
information if necessary.


5. Proceed with Step 1 instructions.
INSTRUCTIONS FOR

WORKSHEET W1.1, SYSTEM CONFIGURATION AND CONNECTIONS


GENERAL PURPOSE OF WORKSHEET W1.1: The general purpose of this worksheet is to
provide a current understanding of your system's components, configuration and
interfaces. By reviewing (and updating if necessary) the configuration of your
system, you can visually identify all major components of your system, its
current interfaces, and any external connections. This understanding is critical
in developing an appreciation for the number and type of components that would
have to be replaced should your system be damaged, destroyed, or stolen, as well
as for identifying potential system (and network) vulnerabilities (useful for
addressing Step 4 later on in this process).

1. Complete Block 1 of the worksheet with your system's name/identification,
primary organization/user, primary system use, location, and the date(s) that the
risk assessment is being conducted. You may wish to devise an abbreviated form
for the information requested in Block 1 of the worksheet that you can use on
subsequent worksheets since all worksheets ask for identifying information. (It
is important that at least some shortened form of system identification appear on
each worksheet since the worksheets provide important back-up documentation for
the risk assessment.)

2.  Determine  what  type  of  connections  your  system  has,  if  any,  and  check  the 
appropriate  box  in  Block  2 of  the  worksheet.  The  following  definitions  should  be 
used  in  describing  the  type  and  characteristics  of  your  system's  connections: 

Local Area Network (LAN): A LAN is typically confined to a single building
or may span several buildings (such as with a university campus or a
multi-building laboratory community). The typical LAN radius is
approximately 6-8 kilometers.

Wide Area Network (WAN): Networks that cover a larger geographic area than
that described above for a LAN are considered a wide area network (WAN).

Closed Network: A network where all access to the network is from network
components located in a controlled access area or access to the network from
outside of the controlled access area is via encrypted links or a protected
distribution system.

Open Network: A network with the capability to communicate with devices
outside of the network's controlled access area, where all network
communications outside of controlled access areas are not encrypted or
protected by a protected distribution system.

3. Attach a system configuration diagram to the worksheet in Block 3 if one is
available. If a diagram does not exist, develop a simple one. The diagram
should indicate all major system components, their interfaces, and all external
connections. The system manager or your organization's computer support group
can provide assistance in developing the diagram if you are unsure about
connections or specific system components. In addition, prepare a short (1/2 - 1
page) written description of your site and what is being included as the scope of
your risk assessment (i.e., which systems, basic site security program, etc.).

4. Enter the information developed for this worksheet in the Step 1 block of
the Executive Summary, Sections 1a, 1b, and 1c.

5.  Proceed  to  Worksheet  W1.2,  Hardware  Inventory  and  Cost. 
INSTRUCTIONS FOR

WORKSHEET  W1.2,  HARDWARE  INVENTORY  AND  COST 


GENERAL PURPOSE OF WORKSHEET W1.2: The general purpose of this worksheet is to
define the size of your system and to provide a general cost estimate for your
system's components. The cost estimate is important because it provides a way to
determine how much it would cost to replace your system, and also provides a
figure for use in selecting the most appropriate security countermeasures for your
system based on its value (useful in Steps 3 and 5 later in the process).

1.  Complete  Block  1 of  the  worksheet  identifying  your  system. 

2.  Review  Resource  Table  R1.2A  (Small/Simple  System)  and  Resource  Table  R1.2B 
(Large/Complex  System),  Sections  a and  b,  to  define  your  system's  size/type. 
Section  a of  each  Resource  Table  provides  a general  definition  of  the  two  system 
size/types.  Section  b of  each  Resource  Table  provides  a list  of  generic  computer 
types  and  hardware  components  that  are  characteristic  of  the  system  size/type. 

Note that system components include the computer, printer, peripherals,
environmental products, and special support items.

3. Turn to your Executive Summary and in Section 1d, mark the box for your
system's size/type, and select which generic type of system you have.

4. Locate a recent inventory of your system and its components for attachment
here. If an inventory does not exist, briefly list* the major hardware components
of your system in Block 2, Hardware Inventory. Note that it is perfectly
acceptable to group common components together when listing your system's
components (e.g., 12 tape drives, 2 printers, etc.). Refer again to Resource
Tables R1.2A and R1.2B, Section b, for a listing of generic computer types and
hardware components for your consideration to ensure that all major components are
noted. If cost information readily exists for the components of your system, you
may list the actual dollar amounts for them. However, it is perfectly acceptable
to review Section c of the Resource Table R1.2A or R1.2B, estimate the total cost
for your system's components, and select a cost rating (VL - VH) for your system's
hardware. Remember, the objective here is to develop an estimate of your system's
cost  — NOT  a down  to  the  dollar  figure  on  an  item  by  item  basis. 

5. Complete Block 3 of Worksheet W1.2, Total Replacement Cost, by providing a
total APPROXIMATE replacement cost figure for your system's hardware; -OR- Select
a cost rating from the cost rating scheme (VL - VH) that best reflects the total
cost of replacing your hardware. The primary (main) assets (vs. peripherals or
other support equipment) should drive the overall rating chosen (e.g., CPU = H,
printer = VH, auxiliary printer = VH; the overall rating = H).

6. Go to Block 1e of the Executive Summary, Summary of System Replacement Costs,
and mark the box of the cost rating (VL - VH) that most closely depicts the
replacement cost for your hardware.

7.  Proceed  to  Worksheet  W1.3,  Software  Inventory  and  Cost. 


*Note: Each inventory list in Step 1 is organized so that you may enter each
major component individually in numeric order on the lines provided. If the
length of your inventory exceeds the number of lines provided, you may make
multiple copies of the Worksheet and continue your numbering on subsequent pages.
Also, if you are assessing a group of systems, a copy of this worksheet can be
used for each individual one.
DEPARTMENT OF ENERGY
ADP SYSTEM RISK ASSESSMENT

STEP 1 RESOURCE TABLE R1.2A

SMALL/SIMPLE SYSTEM:
• DEFINITION
• COMPONENTS
• COST GUIDANCE

a. DEFINITION OF A SMALL/SIMPLE SYSTEM:

A SMALL/SIMPLE COMPUTER DESIGNED PRIMARILY TO SUPPORT A SINGLE USER AT A TIME.
DISK DRIVES, PRINTERS, AND OTHER EQUIPMENT ASSOCIATED WITH THE COMPUTER AND ITS USE
ARE CONSIDERED PART OF THE SYSTEM.

b. TYPICAL COMPUTER TYPES AND COMPONENTS OF A SMALL/SIMPLE SYSTEM

Computer Types

• Memory Typewriter
    - Basic
    - Advanced
• Word Processor
    - Basic
    - Advanced
• Personal Computer
    - Basic
    - Advanced
• CAD/CAM/Graphics Workstation
    - Basic
    - Intermediate
    - Advanced

Hardware Components

• Monitors
• Storage Devices
    - Disk Drives
    - Tape Drives
• Central Processing Unit
• Peripherals
    - Switch Boxes
    - Plotters
    - Digitizers
• Printers
• Communications Support Equipment
• Special Support Items
    - Surge Suppressors
    - Computer and Equipment Stands, Tables, etc.
    - Special Purpose Tables
    - Environmental Control Equipment

c. COST GUIDANCE FOR A SMALL/SIMPLE SYSTEM *

COST RATING: VERY LOW (VL)
APPROXIMATE COST RANGE: $0 - $5,000
COMPUTER TYPES:
    • BASIC MEMORY TYPEWRITER
    • BASIC WORD PROCESSOR
    • BASIC PERSONAL COMPUTER

COST RATING: LOW (L)
APPROXIMATE COST RANGE: $5,001 - $10,000
COMPUTER TYPES:
    • ADVANCED MEMORY TYPEWRITER
    • ADVANCED WORD PROCESSOR
    • ADVANCED PERSONAL COMPUTER
    • BASIC CAD/CAM/GRAPHICS WORKSTATION

COST RATING: MEDIUM (M)
APPROXIMATE COST RANGE: $10,001 - $25,000
COMPUTER TYPES:
    • ADVANCED PERSONAL COMPUTER
    • INTERMEDIATE CAD/CAM/GRAPHICS WORKSTATION
        - CPU SYSTEM

COST RATING: HIGH (H)
APPROXIMATE COST RANGE: $25,001 - $50,000
COMPUTER TYPES:
    • INTERMEDIATE-ADVANCED CAD/CAM/GRAPHICS WORKSTATION
        - CPU SYSTEM

COST RATING: VERY HIGH (VH)
APPROXIMATE COST RANGE: $50,000+
COMPUTER TYPES:
    • ADVANCED CAD/CAM/GRAPHICS WORKSTATION
        - CPU SYSTEM
    • MINI-COMPUTER CAPABILITIES
    PERIPHERAL DEVICES FOR MEMORY

- PLUS ALL OTHER COMPONENTS OF THE SYSTEM -

* NOTE: A system's cost rating should reflect the sum of all system components: computer, printer, peripherals,
and support items.
DEPARTMENT OF ENERGY
ADP SYSTEM RISK ASSESSMENT

STEP 1 RESOURCE TABLE R1.2B

LARGE/COMPLEX SYSTEM:
• DEFINITION
• COMPONENTS
• COST GUIDANCE

a. DEFINITION OF A LARGE/COMPLEX SYSTEM:

A COMPUTER SYSTEM WHICH USES ITS RESOURCES, INCLUDING I/O DEVICES, STORAGE, CENTRAL
PROCESSORS, CONTROL UNITS, AND SOFTWARE PROCESSING CAPABILITIES TO ENABLE ONE OR
MORE USERS TO MANIPULATE DATA AND PROCESS PROGRAMS IN AN APPARENTLY SIMULTANEOUS MANNER.
SUCH SYSTEMS HAVE ONE OR MORE OF THE CAPABILITIES KNOWN AS TIME-SHARING, MULTIPROGRAMMING,
MULTI-ACCESSING, MULTI-PROCESSING, OR CONCURRENT PROCESSING.

b. TYPICAL COMPUTER TYPES AND COMPONENTS OF A LARGE/COMPLEX SYSTEM

Computer Types

• CAD/CAM/Graphics Workstation
    - Advanced
• Mini-Computer
• Mainframe Computer
• Super-Computer

Hardware Components

• Terminals/Monitors
    - Smart
    - Dumb
    - Graphics
    - Other
• Consoles
• Storage Devices
    - Arrays
    - Disk Drives
    - Tape Drives
    - Cartridge Tape Drives
    - Storage Servers
    - Storage Controllers
• Central Processing Unit
• I/O Processors
• Other Peripherals
    - Printers: Dot Matrix, Laser, Line Printer, Letter Printer, System Printer
    - Color Plotters
    - Table Plotters
    - Digitizer
    - Drum Plotters
• Communications Equipment
• Environmental Products
    - Power Conditioners
    - Power Distribution Systems
    - Transient Voltage Suppressors
    - Uninterrupted Power Systems
    - A/C and Other Environmental Control Equipment
• Special Support Items
    - Special Stands and Tables
    - Partitions
    - Storage Cabinets
    - Tables, etc.

c. COST GUIDANCE FOR A LARGE/COMPLEX SYSTEM *

COST RATING: VERY LOW (VL)
APPROXIMATE COST RANGE: $50,000 - $250,000
COMPUTER TYPES:
    ADVANCED CAD/CAM/CASE WORKSTATION
    - CPU SYSTEM
    - PERIPHERAL STORAGE DEVICES
    - SINGLE PROCESSOR
    MINI-COMPUTER

COST RATING: LOW (L)
APPROXIMATE COST RANGE: $250,001 - $750,000
COMPUTER TYPES:
    MINICOMPUTER
    - PROCESSOR
    - INCREASED MEMORY STORAGE

COST RATING: MEDIUM (M)
APPROXIMATE COST RANGE: $750,001 - $2.5 M **
COMPUTER TYPES:
    MINI-COMPUTER
    MAINFRAME COMPUTER
    - EXTENSIVE MASS-STORAGE CAPACITY

COST RATING: HIGH (H)
APPROXIMATE COST RANGE: $2.5 M - $8.0 M
COMPUTER TYPES:
    MAINFRAME COMPUTER
    - EXTENSIVE MASS-STORAGE CAPACITY
    - MULTIPLE COMMUNICATIONS LINE CAPACITY
    - REQUIRES CONTROLLED OPERATING ENVIRONMENT (COMPUTER ROOM)

COST RATING: VERY HIGH (VH)
APPROXIMATE COST RANGE: $8.0 M+
COMPUTER TYPES:
    LARGE MAINFRAME COMPUTER
    SUPER-COMPUTER
    - SUPERIOR MASS-STORAGE CAPACITY
    - REQUIRE CONTROLLED OPERATING ENVIRONMENT (COMPUTER ROOM)
    - MULTIPLE COMMUNICATIONS LINE CAPACITY
    - STATE-OF-THE-ART PROCESSING CAPACITY

- PLUS ALL OTHER COMPONENTS OF THE SYSTEM -

* NOTE: A system's cost rating should reflect the sum of all system components: computer, printer, peripherals,
and support items.

** M = Million
INSTRUCTIONS FOR

WORKSHEET  W1.3,  SOFTWARE  INVENTORY  AND  COST 


GENERAL PURPOSE OF WORKSHEET W1.3: The general purpose of this worksheet is
four-fold. First, it will help you develop an accurate and up-to-date appreciation of
the various software (applications, programs) used on or by your system. Second, it
will allow you to develop a rough estimate of the cost of replacing your software.
This is important in determining which security measures may be merited for the
protection of your software based on its value. Third, the worksheet focuses on
whether back-ups exist for your system's software, and whether they should be
instituted. Finally, the worksheet allows you to identify the type of storage media
your software uses which will be of use in selecting the proper measures to protect
it.

1.  Complete  Block  1 of  Worksheet  W1.3,  identifying  your  system. 

2. Review Sections a and b of Resource Table R1.3 to recall and list the various
types of software your system uses. If you do not have a software inventory, list
your software (applications, programs) in Block 2 (columns a and b) of the Software
Inventory and Cost Worksheet.

3. Review Section c of Resource Table R1.3 to note the various types of storage
media that your system may utilize. After reviewing this list, complete column 2(c)
(Type Storage Media) and 2(d) (Does a Back-Up Exist?) on the Software Inventory and
Cost Worksheet.

4. Review Sections d and e of Resource Table R1.3 to understand the cost guidance
provided for use in estimating the cost of replacing your software. If your software
is "off-the-shelf," approximate its cost and either enter the $ amount in column (f)
of the Worksheet ($ Amount) AND/OR enter the appropriate cost rating (VL - VH) that
reflects an approximate off-the-shelf cost for your software. To do this, use the
guidance provided in Section d of the Resource Table. If the software is not
commercially available, approximate the total amount of hours that would be required
to replace (redevelop) the software. Enter this number in column (e) of the
Worksheet (Approx. Hours to Develop). Then calculate the replacement cost using the
guidance provided in section (e) of Resource Table R1.3 (Guidance for Calculating
Software Replacement Costs). If you would prefer to use actual labor rates, you may
consult the sources identified in this section of the worksheet. It should be noted
that software replacement costs should only be calculated in cases where there is not
a back-up copy stored in an off-site location. Therefore, labor costs to recreate
lost data would only be for the period of development not yet protected by back-ups.
Enter the $ amount for replacing the software in the Worksheet column (f) ($ Amount)
AND/OR enter the appropriate cost rating (VL - VH) in column (g) (Rating). Again,
remember, the objective here is NOT to develop down to the dollar replacement costs.
Approximates are the goal.


5. Complete Block 3 of Worksheet W1.3 with the total replacement cost for all of
your system's software with EITHER a $ estimate or the appropriate cost rating
(VL - VH).

6. Review your list of software groups, the status of their back-ups, and the
cost rating you assigned for their replacement cost. Place a star (*) in the
margin next to any entry that (a) does not have a back-up AND (b) was assigned a
cost rating of Medium, High, or Very High. You now can readily identify any
software for which back-ups should be immediately developed. Those with a Very
High rating should be considered for off-site storage.

7. Complete Block 1e on the Executive Summary indicating the cost rating chosen
for replacing all of the software used by your system. Complete Block 1f on the
Executive Summary indicating the status of back-ups for your system's software.

8. Proceed to Worksheet W1.4, Software Inventory and Cost.
DEPARTMENT OF ENERGY
ADP SYSTEM RISK ASSESSMENT

STEP 1 RESOURCE TABLE R1.3

• SOFTWARE: TYPES, USES, STORAGE MEDIA
• SOFTWARE AND DATA COST GUIDANCE

a. TYPES OF SOFTWARE TO CONSIDER FOR SOFTWARE INVENTORY:

• Off-the-Shelf Software
    - Word Processing
    - DBMS
    - Graphics
• Applications Software
• Encryption Software
• Operating Software
• Security Related Software
• Utilities Software
• Communications Software

b. SAMPLE SUBJECT AND FUNCTION AREAS FOR SOFTWARE AND DATA USE:

• Accounting/Financial
• Administration
• Contract Management/Administration
• Engineering/Scientific
• Personnel Management
• Manufacturing/Control
• Mathematics/Statistical
• Security
• Training

c. SAMPLE TYPES OF STORAGE MEDIA:

a. TAPES
b. DISKS
c. DRUMS
d. CARTRIDGES
e. CYLINDERS
f. CARDS
g. MASS MEMORY STORAGE UNIT (REMOVABLE/NON-REMOVABLE)
h. HARD COPY OUTPUT
i. OPTICAL DISCS

d. COST GUIDANCE FOR SOFTWARE AND DATA:

COST RATING        CURRENT PURCHASE PRICE OR DEVELOPMENT COST
VERY LOW (VL)      $0 - 5,000
LOW (L)            $5,001 - 10,000
MEDIUM (M)         $10,001 - 25,000
HIGH (H)           $25,001 - 50,000
VERY HIGH (VH)     $50,000+

e. GUIDANCE FOR CALCULATING SOFTWARE AND DATA REPLACEMENT COSTS:

• For "Off-the-shelf" Software Prices:
    - Consult computer catalogs and advertisements, as well as government price
      schedules and local vendor price lists available from your organization's
      computer support group or Procurement Office

• For Software and Data Development Costs:
    - Consult contract labor cost rates available from the Procurement Office or
      the contract's COTR
      OR
    - Develop the total cost by multiplying approx. hours spent times average
      labor cost per hour. Accepted labor costs for your use are provided:
        • Clerical: $5-10/hr.
        • Junior Professional or Programmer: $15-20/hr.
        • Senior Professional or Programmer: $20-30/hr.

• Approximate No. of work hours per (Holidays and weekends are not included):
    - 1 Year: 2,080
    - 6 Months: 1,040
    - 1 Month: 170
INSTRUCTIONS FOR

WORKSHEET  W1.4,  DATA  INVENTORY  AND  COST 


GENERAL PURPOSE OF WORKSHEET W1.4: The purpose of this worksheet is to
identify all data used by your system. It is important to understand
which data your system utilizes for several reasons. It allows you to
understand the overall value of these data in terms of approximately how
many hours it took to develop it and would take to replace it. This
worksheet also focuses on whether back-up data exist, and whether those
that exist are sufficient.

1.  Complete  Block  1 of  Worksheet  W1.4,  identifying  your  system. 

2. Determine whether an inventory exists for the types or categories of
data you use in conjunction with your system. If one exists, obtain it
for use in completing columns (b) - (f) of the Worksheet. If no
inventory or an incomplete inventory exists, list the major types or
categories of data used by your system in column (a) of the Worksheet.
Again, remember that it is perfectly acceptable to group data by
categories (e.g., Salary-related, Equal Employment Opportunity-related,
Medical Benefits, etc.). Assign a sequential number to each entry (D-1,
D-2, and so on). Again, if additional room is required for the list,
make additional copies of this worksheet.

3. Turn to column (c) on the Worksheet, and for each data category
listed on the inventory, estimate approximately how many hours it would
take to recreate it if it had to be replaced. In addition, note in
column (d) whether back-up copies of these data exist.

4. To determine the replacement cost for these data, approximate the
number of hours that would be required to recreate it and multiply this
number by the labor cost figures provided in Section e of Resource Table
R1.3. Again, precise down to the dollar amounts are not necessary;
estimates are perfectly acceptable and use of the cost rating scheme (VL
- VH) instead of replacement costs is encouraged.

5. Complete Block 3 of Worksheet W1.4 with the total cost, either a $
estimate or a cost rating (VL to VH), for replacing the data used by your
system.

6. Review your data inventory list (column b), the status of their
back-up copies (column d), and the cost rating you assigned for their
replacement cost (column f). Place a star (*) in the margin next to any
entry that (1) did not have a back-up and (2) was assigned a cost rating
of Medium, High, or Very High. You have now identified data for which
back-up copies are strongly recommended.

7. Turn to the Executive Summary, Step 1, and complete Block 1f
indicating the cost rating (VL - VH) that reflects the cost of replacing
all data used by your system.

8. Complete Block 1f of the Executive Summary, Step 1, indicating the
status of back-up copies for your data.

9.  Proceed  to  Step  2,  Characterize  Your  System,  Software,  and  Data. 
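
The valuation and back-up check from Worksheets W1.3 and W1.4, as an added example that is not part of the DOE guideline. It uses the cost bands and labor rates of Resource Table R1.3; the `S-n` reference numbers, the midpoint labor rate, the treatment of exactly $50,000 as High, and the sample inventory are assumptions of the example.

```python
from dataclasses import dataclass
from typing import List, Optional

# Resource Table R1.3, section d: upper dollar bound of each cost band.
# The table prints "$25,001 - 50,000" and "$50,000+"; treating exactly
# $50,000 as High is an assumption of this example.
COST_BANDS = [(5_000, "VL"), (10_000, "L"), (25_000, "M"), (50_000, "H")]

# Resource Table R1.3, section e: accepted labor cost ranges in dollars/hour.
LABOR_RATES = {"clerical": (5, 10), "junior": (15, 20), "senior": (20, 30)}

# Ratings that earn a star (*) when the entry has no back-up.
STAR_RATINGS = {"M", "H", "VH"}


@dataclass
class Entry:
    """One inventory line from Worksheet W1.3 (software) or W1.4 (data)."""
    ref: str                       # reference number, e.g. "D-1"
    name: str
    has_backup: bool
    price: Optional[float] = None  # off-the-shelf purchase price, dollars
    hours: Optional[float] = None  # hours to recreate work not covered by a back-up
    labor: Optional[str] = None    # key into LABOR_RATES


def cost_rating(dollars: float) -> str:
    """Map a dollar figure to the VL-VH cost rating of section d."""
    if dollars < 0:
        raise ValueError("replacement cost cannot be negative")
    for upper, rating in COST_BANDS:
        if dollars <= upper:
            return rating
    return "VH"


def replacement_cost(entry: Entry) -> float:
    """Purchase price if known, otherwise hours times an hourly labor rate.

    The midpoint of the table's labor range is used (assumption); the
    guideline asks for approximations, not exact figures.
    """
    if entry.price is not None:
        return float(entry.price)
    if entry.hours is None or entry.labor not in LABOR_RATES:
        raise ValueError(f"{entry.ref}: need a price, or hours and a labor category")
    low, high = LABOR_RATES[entry.labor]
    return entry.hours * (low + high) / 2


def assess(inventory: List[Entry]) -> dict:
    """Rate every entry, star the back-up gaps, and total the worksheet."""
    rows, total = [], 0.0
    for e in inventory:
        cost = replacement_cost(e)
        rating = cost_rating(cost)
        # Star: no back-up AND a rating of Medium, High, or Very High.
        starred = (not e.has_backup) and rating in STAR_RATINGS
        rows.append({
            "ref": e.ref, "name": e.name, "cost": cost, "rating": rating,
            "starred": starred,
            # Starred entries rated Very High are candidates for off-site storage.
            "offsite": starred and rating == "VH",
        })
        total += cost
    # Block 3: total replacement cost as a dollar estimate and as a rating.
    return {"rows": rows, "total": total, "total_rating": cost_rating(total)}


# Constructed sample inventory (not from the guideline).
SAMPLE = [
    Entry("S-1", "Word processing package", True, price=495),
    Entry("S-2", "Payroll application", False, hours=1040, labor="junior"),
    Entry("S-3", "Simulation code", False, hours=2080, labor="senior"),
    Entry("S-4", "DBMS", True, price=12_000),
    Entry("S-5", "Utilities", False, price=300),
]

if __name__ == "__main__":
    result = assess(SAMPLE)
    for row in result["rows"]:
        mark = "*" if row["starred"] else " "
        note = "  consider off-site storage" if row["offsite"] else ""
        print(f"{mark} {row['ref']:4} {row['name']:26} ${row['cost']:>9,.0f} {row['rating']:2}{note}")
    print(f"  Total replacement cost: ${result['total']:,.0f} ({result['total_rating']})")
```

The same functions apply to a W1.4 data inventory by passing entries numbered D-1, D-2, and so on with the hours needed to recreate each data category.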
CHARACTERIZE YOUR SYSTEM, SOFTWARE, AND DATA

STEP  2 


GENERAL PURPOSE OF STEP 2: The purpose of Step 2 is to characterize your total
system in terms of several key characteristics. Step 2 worksheets ask questions in
two primary areas:

1. Does your system process any classified information or sensitive unclassified
information? If so, what types/levels? Responses to these questions provide the
basis for selecting what type(s) of security precautions are required for your
system, software and data.

2.  How  important  is  your  system,  its  operations,  software  and  data  to  its  users  and 
their  organization?  Responses  to  this  question  will  help  you  to  determine  the 
relative  importance  of  the  system,  software,  and  data,  and  provide  the  basis  for 
determining  or  validating  your  contingency  planning  needs. 

STEP 2 END-PRODUCTS: (1) An assessment of the relative importance of your system,
software, and data to their users and organization; and (2) an identification of
what types of information you are processing (e.g., unclassified, sensitive
unclassified, or classified).


IT IS RECOMMENDED THAT YOU REVIEW STEP 2 IN ITS ENTIRETY BEFORE STARTING. IF YOU
ALREADY HAVE INFORMATION THAT FULFILLS THE OBJECTIVES OF STEP 2, AND/OR PREFER TO
DEVELOP IT USING AN ALTERNATE RISK ASSESSMENT METHOD, YOU MAY PROCEED TO THE
EXECUTIVE SUMMARY AND COMPLETE THE BLOCK FOR STEP 2. BE SURE TO NOTE WHAT SOURCES
AND/OR METHODS WERE USED TO DEVELOP THIS INFORMATION. ATTACH COPIES OF ANY
SUPPORTING DOCUMENTATION TO ENSURE THAT THE INFORMATION ENTERED ON YOUR EXECUTIVE
SUMMARY IS FULLY SUPPORTED.


GETTING  STARTED 

1.  Open  to  your  copy  of  the  Executive  Summary  and  the  Step  2 Worksheets  and  review 
them.  (Step  2 Worksheets  are  located  at  the  Step  2 Worksheet  tab  in  Volume  II.) 

2.  Step  2 Resource  Tables  are  located  with  the  Step  2 instructions.  It  is 
recommended  that  you  familiarize  yourself  with  the  information  provided  on  them 
before  starting  Step  2. 

3.  Obtain  any  materials  that  already  exist  which  may  be  helpful  in  completing  Step 
2 and  which  might  also  be  used  as  supporting  documentation  for  attachment  to  the 
Executive  Summary.  Useful  existing  materials  include:  results  of  prior  efforts  to 
identify  the  sensitivity  or  classification  of  the  software  (applications/programs) 
and  data  used  on  or  by  your  system;  and  existing  contingency  plans  which  provide  an 
analysis  of  why  a particular  system  merits  a contingency  program/plan. 

4. Please read the NOTE on the Step 2 Worksheets W2.2 (Software Characteristics and
Importance) and W2.3 (Data Characteristics and Importance). These worksheets allow
you to list the software and data that were inventoried in Step 1 by their reference
number, thereby avoiding relisting all these entries.

5.  Proceed  with  Step  2 instructions. 
INSTRUCTIONS FOR

WORKSHEET  W2.1,  SYSTEM  CHARACTERISTICS  AND  IMPORTANCE 


GENERAL PURPOSE OF WORKSHEET W2.1: The general purpose of this worksheet
is to determine the importance of your system. Importance here is measured
in terms of: the number of users that utilize (and depend on) the system;
the frequency with which the system is used; and the impact on you and
your organization if the system were not available for use/operation. This
simple review will allow you to readily identify the overall importance of
your system to you and your organization, and whether the development and
use of a contingency plan and procedures is advisable. If several systems
have been grouped together for the purpose of this assessment, the
Worksheet provides space for each system to be reviewed on an individual
basis.


1. Review Resource Table R2.1 (Rating the Importance of A System, its
Software and Data). Three separate "mini-tables" appear on this Resource
Table: (a) Number of Users, (b) Frequency of Use, and (c) Impact if
Unavailable. Be sure to read the explanations included with each
mini-table to fully understand the rating schemes (VL - VH) provided for
each mini-table.

2. If several systems were addressed on this worksheet because a single
risk assessment is being conducted on them as a group, and the ratings for
each system differ, then separate recommendations should be developed
regarding system contingency planning needs and additional security
measures.

3. Determine the appropriate rating for your system (Very Low to Very
High) using Section a (Number of Users). Record your answer in column (b)
of Worksheet W2.1. (Note that two rating schemes are provided: one for
small/simple systems and one for large/complex systems. Select the rating
appropriate for the size/type of system that you are assessing, based on
your Step 1 results.)

4. Turn to Section (b) of the Resource Table (Frequency of Use) and
determine the appropriate rating for your system (VL - VH).
Enter the rating on your worksheet in column (c) Frequency of Use.

5. Turn to section (c) of the Resource Table (Impact if Unavailable) and
determine the appropriate rating for your system (VL - VH). Enter the
rating under column (d) of the worksheet.

6.  If  any  of  your  ratings  are  Medium,  High,  or  Very  High,  circle  them. 
Ratings  in  the  mid  to  high  range  point  out  a moderate  to  critical  need  for 
the  development  and  use  of  a system  contingency  plan  and  procedures,  and 
the  implementation  of  more  stringent  security  measures. 

7. Summarize the results of this review in Step 2 of the Executive
Summary, Block 2.b.1 (System) by checking the box with the ratings you
selected (VL - VH) for each area of concern: Number of Users, Frequency of
Use, and Impact if Unavailable.

8.  Proceed  to  Worksheet  W2.2,  Software  Characteristics  and  Importance. 
DEPARTMENT OF ENERGY
ADP SYSTEM RISK ASSESSMENT

STEP 2 RESOURCE TABLE R2.1

RATING THE IMPORTANCE OF A SYSTEM, ITS SOFTWARE AND DATA

a. NUMBER OF USERS (SYSTEM AND CORRESPONDING RATING):

Small/Simple System:    1               2               3-4             5               6+
Large/Complex System:   1-5             6-15            16-35           36-75           75+
Rating:                 Very Low (VL)   Low (L)         Medium (M)      High (H)        Very High (VH)

b. FREQUENCY OF USE (SYSTEM, SOFTWARE AND DATA):

Usage:                  Periodic        Monthly         Weekly          Daily           Continuous
Rating:                 Very Low (VL)   Low (L)         Medium (M)      High (H)        Very High (VH)

EXPLANATIONS:

Periodic Usage   = Occasional use during month
Monthly Usage    = Regular use during month
Weekly Usage     = Regular use during week
Daily Usage      = Regular use during day
Continuous Usage = Continuous use during workday (8 hrs.) or use round-the-clock

c. IMPACT IF UNAVAILABLE (SYSTEM, SOFTWARE AND DATA):

Importance to Organization or Operations:
                        Routine         Moderately      Important       Highly          Vital
                                        Important                       Important
Rating:                 Very Low (VL)   Low (L)         Medium (M)      High (H)        Very High (VH)

EXPLANATIONS:

Routine              = No impact on organization/capability
Moderately Important = Month until impact on organization/capability
Important            = Week until impact on organization/capability
Highly Important     = Two days until impact on organization/capability
Vital                = Immediate impact on organization/capability
INSTRUCTIONS FOR

WORKSHEET W2.2, SOFTWARE CHARACTERISTICS AND IMPORTANCE


GENERAL PURPOSE OF WORKSHEET W2.2: The purpose of this worksheet is two-fold:
First, it is used to determine whether your software (applications, programs)
is involved in any sensitive unclassified or classified processing. This
determination is accomplished through review of the categories provided on Step
2 Resource Tables R2.2a (Types and Examples of Sensitive Unclassified Data and
Software) and R2.2b (Types of Classified Data and Software). Second, the
worksheet  determines  the  overall  importance  of  your  software  (applications, 
programs)  to  its  user(s)  and  their  organization.  Importance  is  defined  in 
terms  of:  the  frequency  with  which  a given  software  (application,  program)  is 
used,  and  the  impact  on  you  (and  your  organization  and  its  mission)  if  a given 
software  (application,  program)  were  unavailable.  The  impacts  of 
unavailability  might  include  a significant  production  delay,  a missed  payroll, 
or  the  inability  to  continue  a high-cost  experiment  involving  numerous  other 
participants  and  high-cost  equipment.  Note:  If  a software  package 
(application,  program)  retains  data,  then  it  must  also  be  evaluated  based  upon 
the  importance,  value  and  classification  of  that  data. 

1.  Complete  Block  1 of  the  worksheet  identifying  your  system. 

2. Review Resource Tables R2.2a (Types and Examples of Sensitive Unclassified
Software and Data) and R2.2b (Types of Classified Data and Software).

3. List the reference numbers of your software in column (2) of the worksheet.
(You probably want to leave your copy of the Step 1 Worksheet W1.3 (Software
Inventory and Costs) in plain view so that you can rapidly identify each item
and its corresponding reference number.) Then, using Resource Tables R2.2a and
R2.2b for guidance, review the software (applications, programs) used on your
system. If your system is not involved in any classified or sensitive
unclassified processing, place a mark in column (a.1 - unclassified). If your
software (applications, programs) conducts sensitive unclassified processing,
place a mark in column (a.2 - sensitive unclassified); if applicable, check the
box(es) indicating the type. If classified processing is involved, place a
check in the final column (a.3 - classified) and indicate the highest
classification level involved, and the mode of operation. In Block 3 of the
worksheet, Approximate % Split, provide a rough estimate of the split between
the 3 types of processing conducted (e.g., unclassified, sensitive
unclassified, and classified). Use increments of 10: 10%, 20%, 30%, up to
100%.


4. Now turn back to Resource Table R2.1 (Rating the Importance of A System,
its Software, and Data). Using the rating schemes provided for Frequency of
Use (Section b) and Impact if Unavailable (Section c), provide a rating (Very
Low to Very High) for each of the Software entries on the Worksheet in column b
(Frequency of Use) and column c (Impact if Unavailable).

5.  If  any  of  your  ratings  are  Medium,  High,  or  Very  High,  circle  them.  Such 
ratings  provide  additional  rationale  for  the  use  of  back-ups,  the  development 
of  procedures  for  contingency  situations,  and  the  possible  application  of 
additional  security  measures. 

6. Summarize the results of this review in Step 2 of the Executive Summary,
Block 2a.1 and 2b.2.

7.  Proceed  to  Worksheet  W2.3,  Data  Characteristics  and  Importance. 
DEPARTMENT OF ENERGY
ADP SYSTEM RISK ASSESSMENT

TYPES AND EXAMPLES OF SENSITIVE UNCLASSIFIED DATA AND SOFTWARE

STEP 2 RESOURCE TABLE R2.2a


a. VITAL RECORDS

   EXPLANATION:
   • RECORDS ESSENTIAL FOR MAINTAINING CONTINUITY OF GOVERNMENT
     ACTIVITIES DURING A NATIONAL EMERGENCY

   EXAMPLE(S):
   . EMERGENCY OPERATIONS RECORDS
     - GENERAL MANAGEMENT RECORDS
     - EMERGENCY MISSION RECORDS
     - OTHER
   . RIGHTS AND INTERESTS RECORDS
     - LEGAL RIGHTS RECORDS
     - FISCAL RECORDS
   . OTHER

b. PRIVACY ACT INFORMATION

   EXPLANATION:
   • RECORDS MAINTAINED ON AN INDIVIDUAL THAT CONTAINS A NAME,
     IDENTIFYING NUMBER OR SYMBOL, OR PARTICULARS ASSIGNED TO AN
     INDIVIDUAL

   EXAMPLE(S):
   . PAY AND RETIREMENT BENEFITS RECORDS
   . MEDICAL AND PSYCHOLOGICAL RECORDS
   . EDUCATIONAL ACHIEVEMENT RECORDS
   . FINANCIAL TRANSACTIONS
   . OTHER

c. UNCLASSIFIED CONTROLLED NUCLEAR INFORMATION (UCNI)

   EXPLANATION:
   • CERTAIN UNCLASSIFIED GOVERNMENT INFORMATION PROHIBITED FROM
     UNAUTHORIZED DISSEMINATION

   EXAMPLE(S):
   . ATOMIC ENERGY DEFENSE PROGRAMS INFORMATION
   . PRODUCTION OR UTILIZATION FACILITIES DESIGN
   . SECURITY MEASURES ON SNM
     - PRODUCTION OR UTILIZATION FACILITIES
     - IN STORAGE
     - IN TRANSIT
   . FORMERLY RESTRICTED DATA ON DESIGN, MANUFACTURE, UTILIZATION OF
     NUCLEAR WEAPONS OR COMPONENTS
   . OTHER

d. OFFICIAL USE ONLY (OUO)*

   EXPLANATION:
   • UNCLASSIFIED INFORMATION WHICH MAY BE EXEMPT FROM PUBLIC RELEASE
     UNDER THE FREEDOM OF INFORMATION ACT.

   EXAMPLE(S):
   . DOE INTERNAL CORRESPONDENCE
   . WORKING PAPERS ON DEFENSE PROGRAMS
   . OTHER

e. NATIONAL SECURITY RELATED (BUT UNCLASSIFIED)

   EXPLANATION:
   • UNCLASSIFIED INFORMATION WHICH, ALONE OR IN THE AGGREGATE, REVEALS
     INFORMATION REGARDING A HIGH-VALUE U.S. PROGRAM OR INITIATIVE.
   • UNCLASSIFIED INFORMATION DEVELOPED AND STORED REGARDING DOE
     MISSION(S)

   EXAMPLE(S):
   . INTERNATIONAL TRAFFIC IN ARMS CONTROL
   . UNCLASSIFIED INTELLIGENCE INFORMATION
   . CONTROLLED SCIENTIFIC AND TECHNICAL INFORMATION
     ■ NUCLEAR NON-PROLIFERATION ACT RELATED
     ■ NAVAL NUCLEAR REACTOR PROGRAM RELATED
     ■ STRATEGIC DEFENSE INITIATIVE RELATED
     ■ MILITARY CRITICAL TECHNOLOGIES LIST
   . FOREIGN EXCHANGE INFORMATION
   . OTHER

f. DOE SECURITY OR MISSION RELATED

   EXPLANATION:
   • UNCLASSIFIED INFORMATION DEVELOPED AND STORED TO ADMINISTER AND
     ENSURE COMPLIANCE WITH DOE SECURITY PROGRAMS
   • UNCLASSIFIED INFORMATION DEVELOPED AND STORED REGARDING DOE
     MISSION(S)

   EXAMPLE(S):
   . LIFE ESSENTIAL
   . MISSION ESSENTIAL
   . IRRECOVERABLE INFORMATION
   . LIMITED ACCESS INFORMATION
   . SECURITY/INTERNAL AUDIT INFORMATION
   . INVESTIGATION/LAW ENFORCEMENT INFORMATION
   . LEGAL INFORMATION
   . AUDIT INFORMATION
   . CONTRACT AND PROPRIETARY INFORMATION
   . AUTOMATED DECISION-MAKING INFORMATION
   . OTHER

g. GOVERNMENT COMMERCIAL CONFIDENTIAL INFORMATION

   EXPLANATION:
   • SENSITIVE COMMERCIAL INFORMATION NOT INCLUDING RESTRICTED DATA
     GENERATED BY THE GOVERNMENT, THE RELEASE OF WHICH COULD PUT THE
     GOVERNMENT AT A COMPETITIVE DISADVANTAGE IN PROVIDING ENRICHMENT
     SERVICES

   EXAMPLE(S):
   • PROGRAM-SPECIFIC INFORMATION
   • R&D BREAKTHROUGHS
   • OTHER

h. INDIVIDUALLY IDENTIFIABLE ENERGY INFORMATION

   EXPLANATION:
   • THIS IS AN EIA DESIGNATION AND REFERS TO COMPANY SPECIFIC
     INFORMATION THAT CAN BE READILY ATTRIBUTED TO THAT COMPANY

   EXAMPLE(S):
   • OIL PRODUCTION AND COST DATA
   • SPOT MARKET PRICES PAID
   • POSSIBLE FUTURE CATEGORY
DEPARTMENT OF ENERGY
ADP SYSTEM RISK ASSESSMENT

• TYPES OF CLASSIFIED DATA AND SOFTWARE
• MODES OF OPERATION

STEP 2 RESOURCE TABLE R2.2b


a. EXPLANATION OF MARKINGS

Classifications - Symbol    Categories - Symbol
Top Secret - TS             Restricted Data - RD
Secret - S                  Formerly Restricted Data - FRD
Confidential - C            National Security Information - NSI

Comments: Both a classification and category are required on all DOE matter.

b. MARKINGS AND RELATIONSHIPS TO DOE CLEARANCES AND ACCESS AUTHORIZATION

Classification   Category   Access Authorization   DOE Badge Indicator
                            (Clearance)
TS               RD         Q                      1, 2
TS               FRD        Q, TS                  1, 2, 3
TS               NSI        Q, TS                  1, 2, 3
S                RD         Q                      1, 2
S                FRD        Q, TS, S, L            1, 2, 3, 4, 5
S                NSI        Q, TS, S, L            1, 2, 3, 4, 5, 6
C                RD         Q, L                   1, 2, 5
C                FRD        Q, TS, S, L            1, 2, 3, 4, 5, 6
C                NSI        Q, TS, S, L            1, 2, 3, 4, 5, 6

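c. SPECIAL MARKINGS:

Information Marking: PARD
   Explanation of Marking: Protect As Restricted Data
   Examples: DOE Nuclear Weapons Program computations and material
   associated with a weapons code

Information Marking: CRYPTO
   Explanation of Marking: Cryptographic data
   Examples: Classified or Unclassified information on cryptographic
   equipment, techniques or materials

Information Marking: WNINTEL
   Explanation of Marking: "Warning Notice - Intelligence Sources and
   Methods Involved."
   Examples: Classified intelligence related data, sources, or methods

Information Marking: WD
   Explanation of Marking: Weapons data
   Examples: Self-explanatory

Information Marking: Production Data
   Explanation of Marking: Weapon or material production data
   Examples: Self-explanatory

Information Marking: CNWDI
   Explanation of Marking: Critical nuclear weapon design information
   Examples: Self-explanatory

Information Marking: COMSEC
   Explanation of Marking: Communications security
   Examples: Telecommunications equipment, techniques or security
   information

Information Marking: NOFORN or NFD
   Explanation of Marking: No foreign dissemination
   Examples: Information not to be released to foreign or third-country
   nationals

Information Marking: SRD, CRD, SNSI, CNSI, etc.
   Explanation of Marking: Electronic transmissions abbreviations
   Examples: Self-explanatory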

d. MODES OF OPERATION:

MODE: SYSTEM HIGH SECURITY MODE
   EXPLANATION: All system users in this environment must possess
   clearances and authorizations for all information contained in the
   system, and all system output must be clearly marked with the highest
   classification and all system caveats, until the information has been
   reviewed manually by an authorized individual to ensure appropriate
   classifications and caveats have been affixed.

MODE: DEDICATED SECURITY MODE
   EXPLANATION: The mode of operation in which the system is specifically
   and exclusively dedicated to and controlled for the processing of one
   particular type or classification of information, either for full-time
   operation or for a specified period of time.

MODE: MULTILEVEL SECURITY MODE
   EXPLANATION: The mode of operation which allows two or more
   classification levels of information to be processed simultaneously
   within the same system when some users are not cleared for all levels
   of information present.

MODE: COMPARTMENTED SECURITY MODE
   EXPLANATION: The mode of operation which allows the system to process
   two or more types of compartmented information or any one type of
   compartmented information with other than compartmented information.
   All system users need not be cleared for all types of compartmented
   information processed, but must be fully cleared for at least TOP
   SECRET information for unescorted access to the computer.
INSTRUCTIONS FOR

WORKSHEET W2.3, DATA CHARACTERISTICS AND IMPORTANCE


GENERAL PURPOSE OF WORKSHEET W2.3: The purpose of this worksheet is two-fold:
First, it is used to determine whether the data used as input to or results from
processing are sensitive unclassified or classified. This determination is
accomplished through review of the categories provided on Step 2 Resource Tables
R2.2a (Types and Examples of Sensitive Unclassified Data and Software) and R2.2b
(Types of Classified Data and Software). Second, the worksheet determines the
overall importance of these data sets to their user(s) and their organization.
Importance is defined here in terms of: the frequency with which specific data sets
are used, and the impact on you (and your organization and its mission) if certain
data were unavailable. The impacts of unavailability might include a significant
production delay, a missed payroll, or the inability to continue a high-cost
experiment involving numerous other participants and high-cost equipment.

1.  Complete  Block  1 of  the  worksheet  identifying  your  system. 

2. Review Resource Tables R2.2a (Types and Examples of Sensitive Unclassified
Software and Data) and R2.2b (Types of Classified Data and Software).

3. List the reference numbers of your data in column (2) of the worksheet. (You
probably want to leave your copy of the Step 1 Worksheet W1.4 (Data Inventory and
Costs) in plain view so that you can rapidly identify each item and its
corresponding reference number.) Then, using Resource Tables R2.2a and R2.2b for
guidance, review the data entries. If your system does not use any classified or
sensitive unclassified data in processing, place a mark in column a.1
(unclassified). If your system uses sensitive unclassified data for processing,
place a mark in column a.2 (sensitive unclassified); if applicable, check the
box(es) indicating the type. If classified processing is involved, place a check in
the final column a.3 (classified) and indicate the highest classification level of
the data involved, and the mode of operation used by the system. In Block 3 of the
worksheet, Approximate % Split, provide a rough estimate of the split between the 3
types of data processed by your system (e.g., unclassified, sensitive unclassified,
and classified). Use increments of 10: 10%, 20%, 30%, up to 100%.

4. Now turn to Resource Table R2.1 (Rating the Importance of A System, its
Software, and Data). Using the rating schemes provided for Frequency of Use
(Section b) and Impact if Unavailable (Section c), provide a rating (Very Low to
Very High) for each of the Software entries on the Worksheet in column b (Frequency
of Use) and column c (Impact if Unavailable).

5.  If  any  of  your  ratings  are  Medium,  High,  or  Very  High,  circle  them.  Such 
ratings  provide  additional  rationale  for  the  use  of  back-up  copies,  the  development 
of  procedures  for  contingency  situations,  and  the  possible  application  of  additional 
security  measures.  Cross-check  whether  the  entries  meriting  back-ups  (e.g.,  those 
rated  M,  H,  or  VH)  actually  DO  have  back-ups.  Refer  to  your  answers  regarding 
back-ups on the Step 1 Worksheets W1.3 and W1.4 to conduct this cross-check.

6. Summarize the results of this review in Step 2 of the Executive Summary, Block
2a.2 and 2b.3.

7.  Proceed  to  Step  3,  Review  Baseline  Security  Requirements  (BLSRs)  and  Identify 
Those  Not  Met  or  Partially  Met. 
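The rating and cross-check procedure of Worksheets W2.2 and W2.3, applied with Resource Table R2.1, can be sketched as follows. This is an added example, not part of the DOE guideline; the entry reference numbers and the sample worksheet rows are constructed for illustration.

```python
"""Added example: Resource Table R2.1 ratings and the W2.2/W2.3 back-up cross-check."""
from dataclasses import dataclass

RATINGS = ["VL", "L", "M", "H", "VH"]

# R2.1 section a: upper bound of the first four user-count bands; above the
# last bound the rating is VH. The table prints both "36-75" and "75 +", so
# exactly 75 users on a large/complex system is treated as High here (assumption).
USER_BANDS = {"small": [1, 2, 4, 5], "large": [5, 15, 35, 75]}

# R2.1 section b: frequency of use.
FREQUENCY = {"periodic": "VL", "monthly": "L", "weekly": "M",
             "daily": "H", "continuous": "VH"}

# R2.1 section c: impact if unavailable.
IMPACT = {"routine": "VL", "moderately important": "L", "important": "M",
          "highly important": "H", "vital": "VH"}


def rate_users(count, system_size):
    """Rate the number of users for a 'small' or 'large' system (section a)."""
    if count < 1:
        raise ValueError("a system has at least one user")
    for rating, upper in zip(RATINGS, USER_BANDS[system_size]):
        if count <= upper:
            return rating
    return "VH"


def rate_frequency(usage):
    return FREQUENCY[usage.strip().lower()]


def rate_impact(importance):
    return IMPACT[importance.strip().lower()]


def should_circle(rating):
    """Medium, High and Very High ratings are circled on the worksheet."""
    return RATINGS.index(rating) >= RATINGS.index("M")


@dataclass
class Entry:
    ref: str            # reference number from Worksheet W1.3 / W1.4
    usage: str          # usage term from R2.1 section b
    importance: str     # importance term from R2.1 section c
    has_backup: bool    # back-up answer recorded on the Step 1 worksheet


def review(entries):
    """Rate each entry and flag circled entries that have no back-up."""
    rows = []
    for e in entries:
        freq, impact = rate_frequency(e.usage), rate_impact(e.importance)
        circled = should_circle(freq) or should_circle(impact)
        rows.append({"ref": e.ref, "frequency": freq, "impact": impact,
                     "circled": circled,
                     "backup_missing": circled and not e.has_backup})
    return rows


# Constructed sample rows; reference numbers are hypothetical.
SAMPLE = [
    Entry("SW-01", "Daily", "Vital", True),
    Entry("SW-02", "Periodic", "Routine", False),
    Entry("DATA-01", "Weekly", "Moderately Important", False),
    Entry("DATA-02", "Monthly", "Highly Important", True),
]

if __name__ == "__main__":
    for row in review(SAMPLE):
        print(row)
```

Entries reported with `backup_missing` set are the ones the Step 5 cross-check is meant to surface: rated M, H, or VH but recorded without a back-up on the Step 1 worksheets.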
STEP 3


REVIEW BASELINE SECURITY REQUIREMENTS (BLSRs)

AND IDENTIFY THOSE NOT MET OR PARTIALLY MET


GENERAL PURPOSE OF STEP 3: The purpose of Step 3 is to determine whether your
system's hardware, software, and data -- as they exist today in their current
operating environment and utilized by you and your organization -- meet the
minimum Baseline Security Requirements (BLSRs) set forth in applicable DOE
Orders. In the previous step you identified whether your system was involved in
sensitive unclassified or classified processing. In this step, you are asked to
review brief lists of security countermeasures (requirements) that MUST be in
place, per DOE order, to protect such processing. For the majority of
small/simple systems and stand alone large/complex systems (as defined in Step 1
of the Guideline) that are involved in sensitive unclassified processing, Step 3
will provide an adequate assessment of the current risks to your system.
Therefore, upon completion of the BLSR, you will have conducted sufficient
assessment of your risks to document the decisions made, accept or upgrade your
current risk profile, and obtain management sign-off. During this step of the
risk assessment, it may become obvious that the system's risk posture has been
sufficiently assessed, evaluated, and accommodated. If it is found that all
necessary BLSRs are satisfied you need only enter the appropriate information on
the Executive Summary.

STEP 3 END-PRODUCTS: This Step will result in an assessment of your current
security profile in terms of (1) whether you currently have met all of DOE's
minimum baseline security requirements that apply to sensitive unclassified and
classified ADP processing; (2) a list of any noted deficiencies; (3) a list of
upgrades that are recommended to correct any noted deficiencies; and (4) target
dates for correcting the noted deficiencies. Further, for the majority of
small/simple systems (as defined in Step 1 of this process), the Step 3 results
provide an adequate assessment of the current risks to your system. Therefore,
Step 3 also documents the decisions made to accept or upgrade your current risk
profile, and provides the basis for obtaining management sign-off for these
decisions.


IT  IS  RECOMMENDED  THAT  YOU  REVIEW  STEP  3 IN  ITS  ENTIRETY  BEFORE  STARTING.  IF  YOU 
ALREADY  HAVE  INFORMATION  THAT  FULFILLS  THE  OBJECTIVES  OF  STEP  3,  AND/OR  PREFER  TO 
DEVELOP  IT  USING  AN  ALTERNATE  RISK  ASSESSMENT  METHOD,  YOU  MAY  PROCEED  TO  THE 
EXECUTIVE  SUMMARY  AND  COMPLETE  THE  BLOCK  FOR  STEP  3.  BE  SURE  TO  NOTE  WHAT 
SOURCES  AND/OR  METHODS  WERE  USED  TO  DEVELOP  THIS  INFORMATION.  ATTACH  COPIES  OF 
ANY  SUPPORTING  DOCUMENTATION  TO  ENSURE  THAT  THE  INFORMATION  ENTERED  ON  YOUR 
EXECUTIVE  SUMMARY  IS  FULLY  SUPPORTED. 


GETTING  STARTED 


1. Open to your copy of the Executive Summary and the Step 3 worksheet. (The
Step 3 Worksheets W3.1a - W3.8b, Review of Baseline Security Requirements are
located at the Step 3 Worksheet tab in Volume II).

2. Turn to the Step 3 Resource Tables (located with the Step 3 directions) which
provide the Master List of DOE Baseline Security Requirements (Resource Tables
R3, pages 1 and 2). First note the titles of the Orders listed; these orders
are all relevant to the security of DOE computer: facilities, personnel,
documentation, systems, software, data, telecommunications, emissions, program
administration and management, and operating environment. Note that column (a)
in the left-hand column of the Master List contains an alphabetic code for each
Order cited. These letter codes appear at the end of each requirement listed on
Worksheets W3.1 - W3.8.
Turn to W3.1, for example, and note that each entry is followed by parentheses
() containing a CAPITAL or lower-case letter. This letter designates the DOE
document in which the particular requirement was stated so that if you need
further clarification of a requirement, you may locate the appropriate Order.

The CAPITAL letter code is used for orders published by the unclassified
computer security program and/or pertaining to the protection of sensitive
unclassified information. The lower-case letter code is used for orders
promulgated by the classified computer security program and/or pertaining to the
protection of classified information. It should be noted, however, that there
are a number of exceptions where a document applies to BOTH programs. These
documents are marked with an (*). The Worksheets are also organized to reflect
this: BLSRs are listed under one of the following categories: "Sensitive
Unclassified;" "Classified;" or "Both."

3. Now look at the series of 8 Worksheets, each of which lists the minimum
Baseline Security Requirements (BLSRs) for a specific security discipline area. The
8 security discipline areas covered in this Step, along with the assets with
which they are concerned, are listed below. As you review each discipline area,
keep in mind your system (hardware, software, data); personnel; hard-copy
information; operating environment; physical facility; communications
interfaces; etc. Any stated applicable requirement that you cannot answer in
the affirmative is a deficiency.

-Worksheet W3.1a and W3.1b, Review of BLSRs for Physical Security: This table
sets  forth  minimum  requirements  for  controlling  access  to  and  protecting  the 
physical  building,  computing  area/room,  computing  resources,  support  items, 
storage  areas,  and  all  human  resources. 

-Worksheet  W3.2,  Review  of  BLSRs  for  Personnel  Security:  This  table  sets  forth 
minimum  requirements  for  ensuring  that  personnel  access  to  and  use  of  computing 
resources  (hardware,  software,  data)  is  properly  controlled. 

-Worksheet W3.3, Review of BLSRs for Information Security: This table sets
forth minimum requirements for the protection of all hard-copy (non-electronic)
information.

-Worksheet  W3.4,  Review  of  BLSRs  for  Communications:  This  table  sets  forth 
minimum  requirements  for  the  protection  of  all  communications  equipment, 
interfaces  (wires,  cables,  lines,  etc.),  and  the  data  transmitted  on/by  them  in 
support  of  ADP  processing/operations. 

-Worksheet  W3.5,  Review  of  BLSRs  for  Emissions  Security  (TEMPEST):  This  table 
sets  forth  minimum  requirements  for  the  protection  (from  interception)  of  any 
emissions  (signals,  data)  produced  by  electronic  (ADP)  systems. 

-Worksheet W3.6a and W3.6b, Review of BLSRs for Computer Security: This table
sets forth minimum requirements for the protection of the total ADP system
(hardware, software, and electronically stored/processed data).

-Worksheet W3.7, Review of BLSRs for an organization's Administrative/Procedural
Security or Security Management: This table sets forth minimum requirements for
the establishment and management of a security organization and program
necessary to support day-to-day operations while meeting security procedural
requirements. (It should be noted that procedures specific to a security
discipline area, such as procedures for configuration management or system
testing, are set forth under the appropriate security discipline (e.g., computer
security in this example).)
-Worksheet W3.8a and W3.8b, Review of BLSRs for Environmental Security and
Safety: This table sets forth minimum requirements for ensuring that all
ADP resources and personnel are protected from all environmental
accidents, incidents, malfunctions, etc.

By  reviewing  the  Baseline  Security  Requirements  (BLSRs)  in  each  category, 
you  will  be  able  to  identify  whether  you  have  fully  or  partially  met  them, 
and  whether  major  deficiencies  exist  in  your  security  program. 

4. Finally, obtain any materials that already exist which may be helpful
in completing this BLSR review and/or which you may desire to use as
supporting documentation for attachment to the Executive Summary. Helpful
materials include results from prior: Compliance Reviews, audit results,
security test and evaluation results, reports documenting the results of
formal inspections and evaluations, internal site/facility/system
procedural documentation, Computer Security Program Reviews, and
Management Reviews. These materials should contain selected data
regarding those areas where your system did not meet stated DOE
requirements, along with recommendations regarding how the noted
deficiencies were (to be) corrected. Should any of these materials
partially or fully meet the objectives of Step 3, document this on the
Executive Summary and reference or append this documentation.

5.  Proceed  to  Step  3,  Worksheets  W3.1a  - W3.1b,  Baseline  Security 
Requirements  Review. 


NOTE: It should be noted that the BLSRs set forth in these Resource
Tables have been carefully cross-checked with the areas of inquiry set
forth in the Safeguards and Security Standards and Criteria (Document "a")
to ensure all standards and criteria are addressed in the Baseline
Security Requirements provided here.
INSTRUCTIONS FOR

WORKSHEETS W3.1 - W3.8, BASELINE SECURITY REQUIREMENTS (BLSRs) REVIEW


GENERAL PURPOSE OF WORKSHEETS W3.1 - W3.6: The general purpose of this series of
worksheets is to provide a way to easily identify whether your system has fully met
the requirements established for it (its operating environment and its users) as
specified in all applicable DOE Orders. By reviewing the Baseline Security
Requirements (BLSRs) in each category, you will be able to identify whether you have
fully met the BLSRs, partially met them, whether major deficiencies exist, or whether
it is not applicable. This worksheet also directs you to a list of countermeasures
for your review from which you may select appropriate countermeasures to eliminate
any noted deficiencies.

1. Begin your review of the BLSRs provided in the Worksheets. Use the following key
to indicate in the box next to each stated requirement whether you have: Met the
requirement (Y), Not Met The Requirement (NO), Only Partially fulfilled, or have met
on paper but Do Not practice/use routinely (P). If a BLSR is not applicable, place
N/A in the box. If you are unsure about a specific BLSR and its applicability to
your system, refer back to the Master List in Resource Table R3 to identify from
which Order the requirement was extracted. If you are still unsure, you may wish to
consult the specific order cited. You may also wish to review the lists of BLSRs
with appropriate representatives from physical security, personnel security,
technical security, document control, and Health and Safety.

2. As you complete your review of the requirements stated for each security
discipline area, record the results on the Executive Summary in the Step 3 Block
under column (1a) (All Requirements Met) (Yes or No) or under column (1b) (Noted
Deficiencies). If any deficiencies were identified, state in column (1c) (Will Do
By) the date (month/year) by which the noted deficiency will be corrected. An
identified deficiency is corrected by implementing the specific BLSR that has not, to
date, been met. If your particular site/system is exempted from meeting a given
BLSR, cannot comply with a specific BLSR, or a BLSR is not applicable to your system,
so note this on Step 3 of the Executive Summary under column (d) (Comments and/or
Supplemental Upgrades).

3. If no deficiencies were found in a given discipline area, you have met all the
stated requirements. Turn to Block 2 at the bottom of the Executive Summary, Step 3.
This Block asks you whether the results that you developed in Steps 1 and 2
regarding the overall value and importance of your hardware, software and data are
significant enough to warrant upgrades of these security measures that already exist
and fulfill the BLSRs.

4. If no supplemental countermeasures are merited, you may conclude the assessment
here (unless your system, as defined in Steps 1 and 2, dictates use of Steps 4 and
5).

5. If, in your review, you met all the BLSRs but have decided that you would like to
implement supplemental countermeasures in certain areas due to your Step 1 and 2
results, you should now consult the Resource Tables provided in Step 5. These tables
(Countermeasures Guidance, Resource Tables R5.1a - R5.1h) provide lists of
countermeasures also organized by security discipline area. Locate the discipline
area(s) where you desire upgrades and review the countermeasures listed there. Note
selected entries have a check mark next to them in the left hand margin. These check
marks indicate that the particular countermeasure is generally easy to
implement at a fairly low cost. Select the countermeasure(s) necessary to supplement
your existing program. Note any selection(s) in column (d), Comments and/or
supplemental upgrades and enter the date you intend to complete the upgrade(s) in
column (c), Will Do By.

6.  If  use  of  Steps  4 and  5 is  not  necessary,  proceed  to  Step  6 and  obtain  the 
necessary  sign-off  from  management  indicating  acceptance  of  your  system's  risk 
profile.  If  further  assessment  is  necessary  or  desired  based  on  the  overall  value  and 
importance  of  your  system,  software  and  data,  proceed  to  Step  4. 

Finally,  the  worksheet  allows  you  to  end  the  risk  assessment  after  completion  of  Step 
3 if  appropriate.  You  are  asked  to  decide  whether  the  value  and  importance  of  your 
system's  hardware,  software  (applications,  programs)  and  data  support  further,  more 
detailed  assessment.  For  the  majority  of  small/simple  systems  (as  defined  in  Step  1 
of  the  Guideline),  continuation  will  not  be  necessary. 
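The Step 3 bookkeeping described above (worksheet answers Y / NO / P / N/A, the letter code after each requirement, and the Executive Summary columns) can be sketched as follows. This is an added example, not part of the DOE guideline; the requirement texts and target dates are constructed placeholders, and only a subset of the Resource Table R3 codes is included.

```python
"""Added example: tallying one Step 3 BLSR worksheet into Executive Summary entries."""
from dataclasses import dataclass
from typing import Optional

# Subset of Resource Table R3: code -> (DOE document number, marked "(*)").
# A "(*)" mark means the Order applies to both programs.
MASTER_LIST = {
    "A": ("DOE 5500.7A", False),
    "C": ("DOE 1330.1B", True),
    "E": ("DOE 1360.2A", False),
    "a": ("N/A", False),
    "b": ("DOE 5300.2B", True),
    "h": ("DOE 5630.8", False),
}

ANSWERS = ("Y", "NO", "P", "N/A")


def program_for(code):
    """CAPITAL = unclassified program, lower-case = classified, (*) = both."""
    _, both = MASTER_LIST[code]
    if both:
        return "Both"
    return "Sensitive Unclassified" if code.isupper() else "Classified"


@dataclass
class Response:
    requirement: str                  # requirement text from the worksheet
    code: str                         # letter code printed after the requirement
    answer: str                       # Y, NO, P or N/A
    will_do_by: Optional[str] = None  # month/year, for NO and P answers


def summarize(discipline, responses):
    """Build the Step 3 Executive Summary entries for one discipline area."""
    deficiencies, comments = [], []
    for r in responses:
        if r.answer not in ANSWERS:
            raise ValueError(f"unknown answer {r.answer!r}")
        document, _ = MASTER_LIST[r.code]   # KeyError on an unlisted code
        if r.answer in ("NO", "P"):
            # Anything not answered in the affirmative is a deficiency.
            deficiencies.append({
                "requirement": r.requirement,
                "status": r.answer,
                "order": document,
                "program": program_for(r.code),
                "will_do_by": r.will_do_by or "TARGET DATE MISSING",
            })
        elif r.answer == "N/A":
            comments.append(f"{r.requirement}: not applicable")
    return {
        "discipline": discipline,
        "all_requirements_met": "No" if deficiencies else "Yes",  # column (1a)
        "noted_deficiencies": deficiencies,                       # (1b), (1c)
        "comments": comments,                                     # column (d)
    }


# Constructed worksheet answers; requirement texts are placeholders.
SAMPLE = [
    Response("Constructed requirement 1", "b", "Y"),
    Response("Constructed requirement 2", "C", "P", "06/1991"),
    Response("Constructed requirement 3", "E", "NO"),
    Response("Constructed requirement 4", "h", "N/A"),
]

if __name__ == "__main__":
    print(summarize("Communications", SAMPLE))
```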
MASTER LIST OF DOE SECURITY REQUIREMENTS

STEP 3

DEPARTMENT OF ENERGY
ADP SYSTEM RISK ASSESSMENT

RESOURCE TABLE R3 (Page 1)

(a) BASELINE REQUIREMENT CODE*
(b) DOE DOCUMENT TITLE (As of September 1989)
(c) DOE DOCUMENT NUMBER**

(a)     (b)                                                  (c)

    A.  ESSENTIAL AND VITAL RECORDS PROTECTION PROGRAM       DOE 5500.7A
    B.  PROTECTION OF UNCLASSIFIED CONTROLLED NUCLEAR        DOE 5635.4
        INFORMATION (UCNI)
(*) C.  MANAGEMENT OF AUTOMATED INFORMATION SYSTEMS AND      DOE 1330.1B
        DATA RESOURCES
(*) D.  ACQUISITION AND MANAGEMENT OF COMPUTING RESOURCES    DOE 1360.1A
    E.  UNCLASSIFIED COMPUTER SECURITY PROGRAM               DOE 1360.2A
    F.  SCIENTIFIC AND TECHNICAL INFORMATION PROGRAM         DOE 1430.2A
    G.  POLICY FOR THE DISSEMINATION OF AND ACCESS TO        DOE 1430.3
        DEPARTMENTAL UNCLASSIFIED SCIENTIFIC AND TECHNICAL
        INFORMATION
    H.  PRIVACY ACT                                          DOE 1800.1A
    I.  MANAGING SCIENTIFIC AND TECHNICAL INFORMATION        DOE 1430.1A
    J.  SCIENTIFIC AND TECHNICAL COMPUTER SOFTWARE           DOE 1360.4A
    K.  INTERNAL CONTROL SYSTEMS                             DOE 1000.3B
    L.  USE OF TERMINALS AND MICROCOMPUTERS/WORD             DOE 1360.7
        PROCESSORS OFF-SITE AS WELL AS PRIVATELY-OWNED ONES
        ON- OR OFF-SITE
    a.  SAFEGUARDS AND SECURITY STANDARDS AND CRITERIA       N/A
(*) b.  TELECOMMUNICATIONS; EMISSION SECURITY (TEMPEST)      DOE 5300.2B
(*) c.  TELECOMMUNICATIONS; COMMUNICATIONS SECURITY          DOE 5300.3B
(*) d.  TELECOMMUNICATIONS: PROTECTED DISTRIBUTION SYSTEM    DOE 5300.4B
(*) e.  FIRE PROTECTION                                      DOE 5480.7
(*) f.  STANDARD FOR FIRE PROTECTION OF DOE ELECTRONIC       DOE/EP-0108
        COMPUTER/DATA PROCESSING SYSTEMS

* NOTE: The code uses capital letters to specify Orders pertaining to the Unclassified Computer Security Program. Small case letters
refer to Orders developed for the Classified Computer Security Program. However, it should be noted that selected Orders
apply to both programs and are marked with an (*).

** NOTE: See Cross Reference List for numerical listing of Orders.
DEPARTMENT OF ENERGY ADP SYSTEM RISK ASSESSMENT
STEP 3: MASTER LIST OF DOE SECURITY REQUIREMENTS
RESOURCE TABLE R3 (Page 2)

(a) BASELINE REQUIREMENT CODE* | (b) DOE DOCUMENT TITLE (As of September 1989) | (c) DOE DOCUMENT NUMBER**
(*) g. | PERSONNEL SECURITY PROGRAM | DOE 5631.2B
h. | SAFEGUARDING OF NAVAL NUCLEAR PROPULSION INFORMATION | DOE 5630.8
(*) i. | VIOLATION OF LAWS, LOSSES, INCIDENTS OF SECURITY CONCERN | DOE 5631.5
(*) j. | PROTECTION PROGRAM OPERATIONS | DOE 5632.1A
k. | OPERATIONS SECURITY | DOE 5632.3B
(*) l. | PHYSICAL PROTECTION OF SPECIAL NUCLEAR MATERIAL AND VITAL EQUIPMENT | DOE 5632.2A
m. | SECURITY SURVEYS, NUCLEAR MATERIALS SURVEYS AND FACILITY APPROVALS | DOE 5634.1A
n. | CONTROL OF CLASSIFIED DOCUMENTS AND INFORMATION | DOE 5635.1A
o. | TECHNICAL SURVEILLANCE COUNTERMEASURES PROGRAM | DOE 5636.3A
p. | CLASSIFIED COMPUTER SECURITY PROGRAM | DOE 5637.1
q. | PHYSICAL PROTECTION OF CLASSIFIED MATTER | DOE 5632.5
(*) r. | PHYSICAL PROTECTION OF DOE PROPERTY AND UNCLASSIFIED FACILITIES | DOE 5632.6
(*) s. | PROTECTIVE FORCES | DOE 5632.7
(*) t. | PROTECTION PROGRAM OPERATIONS: SYSTEM PERFORMANCE TESTS | DOE 5632.8
(*) u. | ISSUANCE, CONTROL, AND USE OF BADGES, PASSES AND CREDENTIALS | DOE 5632.9
v. | CONTROL OF WEAPON DATA | DOE 5610.2
w. | MASTER SAFEGUARDS AND SECURITY AGREEMENTS | DOE 5630.13
x. | MANAGEMENT AND CONTROL OF FOREIGN INTELLIGENCE | DOE 5670.1

* NOTE: The code uses capital letters to specify Orders pertaining to the Unclassified
Computer Security Program. Small case letters refer to Orders developed for the
Classified Program. However, it should be noted that selected Orders apply to both
programs and are marked with an (*).

** NOTE: See Cross Reference List for numerical listing of Orders.
DEPARTMENT OF ENERGY ADP SYSTEM RISK ASSESSMENT
STEP 3: CROSS REFERENCE NUMERIC LISTING OF DOE ORDERS USED TO DEVELOP SECURITY REQUIREMENTS
RESOURCE TABLE R3 (Page 3)

DOE DOCUMENT NUMBER | DOE DOCUMENT TITLE (As of September 1989) | BASELINE REQUIREMENT CODE
1000.3B | INTERNAL CONTROL SYSTEMS | K.
1330.1B | MANAGEMENT OF AUTOMATED INFORMATION SYSTEMS AND DATA RESOURCES | C.
1360.1A | ACQUISITION AND MANAGEMENT OF COMPUTING RESOURCES | D.
1360.2A | UNCLASSIFIED COMPUTER SECURITY PROGRAM | E.
1360.4A | SCIENTIFIC AND TECHNICAL COMPUTER SOFTWARE | J.
1360.7 | USE OF TERMINALS AND MICROCOMPUTERS/WORD PROCESSORS OFF-SITE AS WELL AS PRIVATELY-OWNED ONES ON- OR OFF-SITE | L.
1430.1A | MANAGING SCIENTIFIC AND TECHNICAL INFORMATION | I.
1430.2A | SCIENTIFIC AND TECHNICAL INFORMATION PROGRAM | F.
1430.3 | POLICY FOR THE DISSEMINATION OF AND ACCESS TO DEPARTMENTAL UNCLASSIFIED SCIENTIFIC AND TECHNICAL INFORMATION | G.
1800.1A | PRIVACY ACT | H.
5300.2B | TELECOMMUNICATIONS: EMISSION SECURITY (TEMPEST) | b.
5300.3B | TELECOMMUNICATIONS: COMMUNICATIONS SECURITY | c.
5300.4B | TELECOMMUNICATIONS: PROTECTED DISTRIBUTION SYSTEM | d.
5480.7 | FIRE PROTECTION | e.
5500.7A | ESSENTIAL AND VITAL RECORDS PROTECTION PROGRAM | A.
5610.2 | CONTROL OF WEAPON DATA | v.
5630.8 | SAFEGUARDING OF NAVAL NUCLEAR PROPULSION INFORMATION | h.
5630.13 | MASTER SAFEGUARDS AND SECURITY AGREEMENTS | w.
* 5631.1A | SECURITY EDUCATION PROGRAM |
5631.2B | PERSONNEL SECURITY PROGRAM | g.
5631.5 | VIOLATION OF LAWS, LOSSES, INCIDENTS OF SECURITY CONCERN | i.
5632.1A | PROTECTION PROGRAM OPERATIONS | j.
5632.2A | PHYSICAL PROTECTION OF SPECIAL NUCLEAR MATERIAL AND VITAL EQUIPMENT | l.
5632.3B | OPERATIONS SECURITY | k.
5632.5 | PHYSICAL PROTECTION OF CLASSIFIED MATTER | q.
5632.6 | PHYSICAL PROTECTION OF DOE PROPERTY AND UNCLASSIFIED FACILITIES | r.
5632.7 | PROTECTIVE FORCES | s.
5632.8 | PROTECTION PROGRAM OPERATIONS: SYSTEM PERFORMANCE TESTS | t.
5632.9 | ISSUANCE, CONTROL AND USE OF BADGES, PASSES AND CREDENTIALS | u.
5634.1A | SECURITY SURVEYS, NUCLEAR MATERIALS SURVEYS AND FACILITY APPROVALS | m.
5635.1A | CONTROL OF CLASSIFIED DOCUMENTS AND INFORMATION | n.
5635.4 | PROTECTION OF UNCLASSIFIED CONTROLLED NUCLEAR INFORMATION (UCNI) | B.
5636.3A | TECHNICAL SURVEILLANCE COUNTERMEASURES PROGRAM | o.
5637.1 | CLASSIFIED COMPUTER SECURITY PROGRAM | p.
5670.1 | MANAGEMENT AND CONTROL OF FOREIGN INTELLIGENCE | x.
DOE-EP-0108 | STANDARD FOR FIRE PROTECTION OF DOE ELECTRONIC COMPUTER/DATA PROCESSING SYSTEMS | f.
N/A | SAFEGUARDS AND SECURITY STANDARDS AND CRITERIA | a.

* NOT ON MASTER LIST
REVIEW THREATS AND VULNERABILITIES AND IDENTIFY ANY WHICH AFFECT YOUR SYSTEM

STEP 4


GENERAL PURPOSE OF STEP 4: The purpose of Step 4 is to conduct a review of the
threats that might affect your system because of existing weaknesses or
vulnerabilities in your system that could be exploited and cause a threat
occurrence.

The Step 4 worksheet is organized to allow for the identification of threats to
specific assets of your system and operating environment. It is completed
using the Step 4 Resource Tables (R4.1 - R4.7), which are organized as
follows.

Four major threat categories are presented on each of the Step 4 Resource
Tables:

• Natural Threats

• Intentional Human Threats (both insider and outsider)

• Unintentional Human Threats (both insider and outsider)

• Environmental Threats.

A resource table has been developed for each of the primary assets of the
system and its operating environment. These assets include the:

• Physical facility (building, computer room, supporting utilities,
non-ADP equipment, supplies, etc.)

• Personnel (computer operator(s), system manager, computer security
official, data base administrator, etc.)

• Information (hard-copy and electronically stored data, and electronic
emissions)

• Communications (lines, networks, COMSEC security devices, protected
distribution systems, phones, modems, etc.)

• Computer Hardware (CPU, peripherals, controllers, etc.)

• Computer Software (operating system software, utilities software,
applications software, etc.)

• Procedures/Administration/Management (all procedural, administrative,
and organizational functions, documentation, and general business
practices that are necessary to effectively operate and use the
system.)

Resource Table R4.1-4.6, Sample Impact of Threats to and Vulnerabilities of the
Physical Facility, presents specific, real-world examples of these threats as
they may affect the given asset. This two page set will help you think through
various threat situations, combinations, and scenarios in order to postulate
your specific threat situation(s).
As you review the Resource Tables in Step 4, also keep in mind the definitions
for the four key impact areas: damage, destruction, disclosure, and denial.

Damage: This state exists when any asset, unintentionally or
intentionally, suffers damage as a consequence of the threat, making
the asset unusable until repairs/fixes can be made. Damage includes
alteration and modification to data.

Destruction: This state exists when any asset, unintentionally or
intentionally, is declared irreparable and irrecoverable due to threat
induced destruction.

Disclosure: This state exists when unauthorized access to an asset
occurs, causing information or data to be accessed by or released to
someone without a clearance or a need to know. This includes the
misuse of any data by someone with authorized access.

Denial (of Service): This state exists when computer services cannot
be performed or made available within an acceptable period of time.

Keep in mind as you review the resource tables that these are only examples of
the different threats and how they might impact a specific asset. To use the
resource tables, think through whether or not a particular threat could occur
because of existing system vulnerabilities. If the answer is yes, ask yourself
what the impact might be if the threat occurred - damage of the asset,
destruction of the asset, denial of use of the asset or unauthorized disclosure
of information.

STEP 4 END-PRODUCTS: This Step will result in (1) a threat and vulnerability
analysis of your system, facility, and its assets within its operating
environment. It will also (2) allow you to identify which of the applicable
threats are: very likely to occur, likely to occur, or unlikely to occur.
Finally, Step 4 will provide the basis for determining which vulnerabilities
should be corrected, and in what order, based on the simple probabilities
identified for threat occurrence.


IT  IS  RECOMMENDED  THAT  YOU  REVIEW  STEP  4 IN  ITS  ENTIRETY  BEFORE  STARTING.  IF 
YOU  ALREADY  HAVE  INFORMATION  THAT  FULFILLS  THE  OBJECTIVES  OF  STEP  4,  AND/OR 
PREFER TO DEVELOP IT USING AN ALTERNATE RISK ASSESSMENT METHOD, YOU MAY PROCEED
TO  THE  EXECUTIVE  SUMMARY  AND  COMPLETE  THE  BLOCK  FOR  STEP  4.  BE  SURE  TO  NOTE 
WHAT  SOURCES  AND/OR  METHODS  WERE  USED  TO  DEVELOP  THIS  INFORMATION.  ATTACH 
COPIES  OF  ANY  SUPPORTING  DOCUMENTATION  TO  ENSURE  THAT  THE  INFORMATION  ENTERED 
ON  YOUR  EXECUTIVE  SUMMARY  IS  FULLY  SUPPORTED. 


GETTING  STARTED 


1. Open to your copies of the Executive Summary and the Step 4 Worksheet in
Volume II. (Step 4 Resource Tables are included with Step 4 instructions.)

2. Familiarize yourself with the Step 4 Resource Tables. The Worksheets
provide an overview of threat impacts. The Resource Tables provide specific
real-world illustrations of how a particular threat could affect an asset in
terms of destruction, damage, disclosure and denial of service. Also note that
environmental threats are treated a little differently. Resource Table R4.7d is
an acetate entitled "Map of DOE Facilities in the U.S." (located at the very back
of Step 4). A key is also included that provides full facility titles for use
in clarifying the acronyms used on the map. The acetate is for your use as an
overlay when reviewing Resource Tables R4.7a - R4.7c that deal with the
environmental threats of earthquakes, tornadoes, and thunderstorms in the
continental United States.

3.  Obtain  any  materials  that  already  exist  which  may  be  helpful  in  completing 
Step  4 and/or  which  you  may  desire  to  use  as  supporting  documentation  for 
attachment  to  the  Executive  Summary.  Helpful  materials  include  your  most  recent 
Statement of Threat (where applicable), recent incident reports and historical
records  of  security  incidents  for  the  last  5-10  years,  any  regionalized  threat 
information  developed  to  support  threat  and  vulnerability  assessments  in  your 
locality,  and  current/past  Security  Test  Plans  and  results.  If  the  existing 
materials  meet  the  objectives  of  Step  4,  document  this  in  Step  4 of  the 
Executive  Summary,  and  reference  or  append  this  documentation. 

If  regionalized  threat  materials  are  not  current  or  available,  it  is  often 
worthwhile  to  contact  your  organization's  security  office  for  help  in  obtaining 
current  crime  statistics.  Also  note  that  the  Annotated  Bibliography,  located  on 
a floppy  diskette  which  is  included  with  this  Guideline,  provides  a listing  of 
current  articles  on  threats  and  vulnerabilities  for  your  use  if  you  desire 
supplemental  materials. 

4. Proceed to Worksheet W4.1, Threats and Vulnerabilities of the Physical
Facility.

INSTRUCTIONS FOR WORKSHEET W4.1-W4.6, THREAT AND VULNERABILITY REVIEW


GENERAL PURPOSE OF WORKSHEET W4.1-W4.6: The purpose of these Worksheets is to record
which specific threats could impact your system, software, data, and operating
environment due to existing deficiencies in your security profile. Further, these
Worksheets also address the probability that a given threat could arise at your site or
in your locality. (An uncomplicated probability scheme is provided for your use in the
Note at the bottom of the Worksheet.) Step 4 of Executive Summary allows you to specify
the priority in which the identified threat(s) should be treated.

1. Review the Step 4 Resource Tables (R4.1 - R4.7) and Worksheets (W4.1-W4.6) and think
through how each specific threat could impact your assets. Using the Worksheets
W4.1-W4.6, place a star next to any of the threats of concern; then circle the
appropriate check mark(s) to indicate which impacts are the most worrisome. For your
review of Resource Tables R4.7 (Environmental Threats), remove the acetate overlay from
the binder and place it on top of each incident map to determine whether your locality
is in a high risk area. Note any threats of concern and annotate all the other Resource
Tables (under "Natural Threats") based on how the environmental threats impact your
assets.

2. Summarize the threat impacts of greatest concern by asset area on Executive Summary
Part 4, column (a). Provide a brief explanation, if needed, to clarify why and how a
particular threat could impact your system.

3. Using the probability key provided here and at the bottom of Executive Summary Part
4, enter a High (H), Medium (M), or Low (L) probability rating in column (b) for the
threat impacts you have listed on the Worksheet. These ratings will help you decide
which threats and their impacts should be addressed as serious concerns, and in what
specific order upgrades should be implemented.

Probability Key:

High (H) = Threat is very likely to occur (more than once within a year).

Medium (M) = Threat is likely to occur (only once every 5 years).

Low (L) = Threat is unlikely to occur (only once every 10 years or less frequently).

4. Based on the probability ratings you provide, prioritize the order in which the
upgrades that you recommend for dealing with these threat impacts should be implemented.

You may sequentially rank the order in which these threats should be addressed (e.g.,
1st, 2nd, 3rd, etc.) or you may wish to use the following scheme:

(1) = Fix immediately

(2) = Fix within the next 6-12 months

(3) = Fix if and when resources are available.

5. After you have completed your review of all Step 4 Resource Tables and have entered
the results on the Step 4 Executive Summary, it is suggested that you convene a meeting
of colleagues who are knowledgeable about the system being assessed and who are
conversant with security matters. Suggested team members include representatives from
physical security, personnel security, technical security, document control, and Health
and Safety. This informal meeting is suggested as a "sanity checkpoint" to discuss the
results of your review in order to ensure completeness and provide different
perspectives on possible threat scenarios and probabilities.

6.  Proceed  to  Step  5,  Countermeasures  Review  and  Identification. 
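
Worksheet steps 2 to 4 above, worked as an added example that is not part of the DOE guideline: a small threat register that derives the H/M/L rating from incident history and orders the Executive Summary rows. All names and incident counts are constructed. Two things are assumptions: the three frequencies in the Probability Key are treated as band edges, and H/M/L is mapped one-to-one onto the (1)/(2)/(3) fix scheme.

```python
from dataclasses import dataclass

# Vocabulary taken from Step 4 of the guideline.
ASSET_AREAS = (
    "Physical Facility", "Personnel", "Information", "Communications",
    "Computer Hardware", "Computer Software",
    "Procedures/Administration/Management",
)
THREAT_CATEGORIES = ("Natural", "Intentional Human",
                     "Unintentional Human", "Environmental")
IMPACTS = ("damage", "destruction", "disclosure", "denial")

# Assumption: each rating maps onto one entry of the optional fix scheme.
FIX_SCHEME = {
    "H": (1, "Fix immediately"),
    "M": (2, "Fix within the next 6-12 months"),
    "L": (3, "Fix if and when resources are available"),
}


def probability_rating(incidents, years_observed):
    """Return H, M or L from the Probability Key.

    Assumption: the key's three frequencies are used as band edges so that
    every observed frequency receives a rating.
    """
    if years_observed <= 0 or incidents < 0:
        raise ValueError("need a positive history length and a count >= 0")
    if incidents > years_observed:        # more than once within a year
        return "H"
    if incidents * 10 > years_observed:   # more often than once every 10 years
        return "M"
    return "L"                            # once every 10 years or less often


@dataclass(frozen=True)
class ThreatImpact:
    asset_area: str
    category: str
    impact: str
    description: str
    incidents: int        # occurrences found in the incident history
    years_observed: int   # length of that history in years

    def __post_init__(self):
        for value, allowed in ((self.asset_area, ASSET_AREAS),
                               (self.category, THREAT_CATEGORIES),
                               (self.impact, IMPACTS)):
            if value not in allowed:
                raise ValueError(f"{value!r} is not one of {allowed}")
        probability_rating(self.incidents, self.years_observed)  # range check


def executive_summary(register):
    """Rows for Executive Summary Part 4, most urgent first."""
    def sort_key(t):
        rating = probability_rating(t.incidents, t.years_observed)
        return (FIX_SCHEME[rating][0], -t.incidents / t.years_observed,
                t.asset_area)

    rows = []
    for t in sorted(register, key=sort_key):
        rating = probability_rating(t.incidents, t.years_observed)
        priority, action = FIX_SCHEME[rating]
        rows.append({
            "asset_area": t.asset_area,
            "threat_impact": f"{t.category}: {t.description} ({t.impact})",
            "probability": rating,        # column (b)
            "priority": priority,
            "action": action,
        })
    return rows


def unreviewed_asset_areas(register):
    """Asset areas with no entry yet, for the step 5 review meeting."""
    seen = {t.asset_area for t in register}
    return [area for area in ASSET_AREAS if area not in seen]


# Constructed sample: descriptions come from Resource Tables R4.1-R4.5a,
# the incident counts and history lengths are invented for illustration.
SAMPLE_REGISTER = [
    ThreatImpact("Information", "Intentional Human", "damage",
                 "Data base damaged by a virus that alters selected files", 9, 6),
    ThreatImpact("Computer Hardware", "Environmental", "denial",
                 "Use of hardware denied because of cooling system failure", 2, 8),
    ThreatImpact("Physical Facility", "Unintentional Human", "damage",
                 "Maintenance personnel accidentally set off Halon system", 1, 10),
    ThreatImpact("Communications", "Natural", "damage",
                 "Communication lines damaged by fallen tree during storm", 3, 6),
    ThreatImpact("Physical Facility", "Unintentional Human", "disclosure",
                 "Operator forgets to lock the computer facility", 0, 5),
]

if __name__ == "__main__":
    for row in executive_summary(SAMPLE_REGISTER):
        print(f"({row['priority']}) {row['probability']}  "
              f"{row['asset_area']}: {row['threat_impact']}")
    print("No entries yet for:", ", ".join(unreviewed_asset_areas(SAMPLE_REGISTER)))
```
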

DEPARTMENT OF ENERGY ADP SYSTEM RISK ASSESSMENT
STEP 4: SAMPLE IMPACTS OF THREATS TO AND VULNERABILITIES OF THE PHYSICAL FACILITY
RESOURCE TABLE R4.1


a. IMPACTS FROM NATURAL THREATS:


• Building is destroyed by fire.

• Computer facility is flooded by heavy rain and flood waters.

• Computer facility is inaccessible because of sustained damages.

• Sensitive information is disclosed to emergency personnel involved in facility
evaluation during emergency.


b. IMPACTS FROM INTENTIONAL HUMAN THREATS:


• Computer facility is destroyed by terrorist bombing.

• Use of computer facility denied because of civil disorder outside facility.

• Sensitive information disclosed because of unauthorized access to computer
facility.

• Computer supplies damaged by vandals.


c. IMPACTS FROM UNINTENTIONAL HUMAN THREATS:


• Sensitive information disclosed when computer operator forgets to lock the
computer facility at end of the day.

• Computer supplies destroyed when employee stores them in a damp area.

• Computer facility damaged when maintenance personnel accidentally set off
Halon fire suppression system.

• Building becomes inaccessible when a toxic gas is released.


d. IMPACTS FROM ENVIRONMENTAL THREATS:


• Computer facility becomes inaccessible because of failed heating system.

• Building is destroyed after being condemned for structural failures.

• Sensitive information is disclosed and computer facility damaged when support
column for computer facility wall collapses.

DEPARTMENT OF ENERGY ADP SYSTEM RISK ASSESSMENT
STEP 4: SAMPLE IMPACTS OF THREATS TO AND VULNERABILITIES OF PERSONNEL
RESOURCE TABLE R4.2


a. IMPACTS FROM NATURAL THREATS:


• Personnel are killed during an earthquake.

• Personnel are injured in a fire.

• Computer operators are unavailable because of injuries sustained during a
tornado.


b. IMPACTS FROM INTENTIONAL HUMAN THREATS:


• Key personnel are taken hostage by terrorists.

• Key personnel are injured when assaulted by striking workers.

• Personnel are murdered when a bomb explodes.

• Sensitive information is disclosed by personnel when they are kidnapped and
threatened.


c. IMPACTS FROM UNINTENTIONAL HUMAN THREATS:


• Computer operator is injured when moving some computer supplies.

• Systems manager dies after suffering heart attack.

• Data processing manager inadvertently discloses sensitive information to
unauthorized individuals during meeting.


d. IMPACTS FROM ENVIRONMENTAL THREATS:


• Employee suffers heat exhaustion because of failed cooling system.

• Ceiling collapse causes the death of an employee.

DEPARTMENT OF ENERGY ADP SYSTEM RISK ASSESSMENT
STEP 4: SAMPLE IMPACTS OF THREATS TO AND VULNERABILITIES OF INFORMATION, DATA, AND EMISSIONS
RESOURCE TABLE R4.3


a. IMPACTS FROM NATURAL THREATS:


• Data use denied because facility is inaccessible due to power failure.

• Data is destroyed by fire.

• Data base integrity damaged by effects of lightning.

• Sensitive data disclosed because tornado scatters storage media and hardcopy
outputs throughout uncontrolled access area.


b. IMPACTS FROM INTENTIONAL HUMAN THREATS:


• Data base is destroyed through sabotage by authorized user who enters incorrect
or false data.

• Data base damaged by a virus that alters selected files.

• Data base use denied because of theft by vandals.

• Classified or sensitive data disclosed through the interception of emissions.


c. IMPACTS FROM UNINTENTIONAL HUMAN THREATS:


• Data damaged by exposure to an electro-magnetic field.

• Data base destroyed by emotionally distraught employee.

• Data base unavailable because of errors in the DBMS software.

• Sensitive data disclosed because operator incorrectly patched output device.


d. IMPACTS FROM ENVIRONMENTAL THREATS:


• Data base destroyed by power surge.

• Data base damaged by exposing storage media to extreme humidity.

• Data base unavailable because air conditioning failure has shut system down.

• Sensitive data disclosed because power fluctuation caused a change in the
security label of message thereby allowing its transmission to unauthorized sites.


DEPARTMENT OF ENERGY ADP SYSTEM RISK ASSESSMENT
STEP 4: SAMPLE IMPACTS OF THREATS TO AND VULNERABILITIES OF COMMUNICATIONS
RESOURCE TABLE R4.4


a. IMPACTS FROM NATURAL THREATS:


• Communication lines destroyed by earthquake

• Communication lines damaged by fallen tree during storm

• System use denied because of downed communication lines

• Sensitive material disclosed because cryptographic devices are found by
unauthorized personnel


b. IMPACTS FROM INTENTIONAL HUMAN THREATS:


• Communication lines are destroyed by bomb explosion

• Communication lines are damaged by rioters

• Use of communication lines denied because a saboteur has cut the lines

• Sensitive information disclosed as a result of wiretaps


c. IMPACTS FROM UNINTENTIONAL HUMAN THREATS:


• Communication lines damaged by worker neglect when performing facility repairs

• Communication equipment destroyed by employee spilling a cleaning agent on
equipment

• Use of communications equipment denied because communications security
equipment is improperly keyed

• Sensitive data disclosed because crypto keying material was left in an opened
security container.


d. IMPACTS FROM ENVIRONMENTAL THREATS:


• Communications equipment destroyed by water from overhead sprinkler system

• Communications equipment damaged by excessive humidity

• Use of communications equipment denied because facility becomes inaccessible
due to structural problems

• Sensitive data disclosed because emergency personnel must clear the area after
roof collapses.

DEPARTMENT OF ENERGY ADP SYSTEM RISK ASSESSMENT
STEP 4: SAMPLE IMPACTS OF THREATS TO AND VULNERABILITIES OF COMPUTER HARDWARE
RESOURCE TABLE R4.5a


a. IMPACTS FROM NATURAL THREATS:


• Central processing unit, peripherals, storage media damaged from exposure to
water, debris, pollutants

• Magnetic media destroyed by fire

• Sensitive information disclosed because storage media is scattered throughout
uncontrolled access areas

• System use denied because of damaged hardware, destroyed magnetic media,
and inaccessible computer facility.


b. IMPACTS FROM INTENTIONAL HUMAN THREATS:


• System use denied because equipment was stolen and computer center was
vandalized

• Hardware and computer center destroyed by arsonist attack

• Storage media damaged through negligent handling

• Sensitive information disclosed by unauthorized access.


c. IMPACTS FROM UNINTENTIONAL HUMAN THREATS:


• Peripheral equipment damaged by disk head crash

• Storage media destroyed by accidentally spilling coffee on the media

• Classified information disclosed through release of malfunctioning storage media
to maintenance personnel prior to degaussing

• Use of hardware denied because operator failed to follow proper start-up
procedures.


d. IMPACTS FROM ENVIRONMENTAL THREATS:


• Use of hardware denied because of overheating problems caused by failure
of cooling system

• Hardware destroyed from water exposure caused by a break in an overhead
water pipe

• Some peripheral equipment damaged by collapsing ceiling tiles

• Sensitive information disclosed because computer center is evacuated
because of imminent structural failure and access by emergency personnel.

DEPARTMENT OF ENERGY ADP SYSTEM RISK ASSESSMENT
STEP 4: SAMPLE IMPACTS OF THREATS TO AND VULNERABILITIES OF COMPUTER SOFTWARE
RESOURCE TABLE R4.5b


a. IMPACTS FROM NATURAL THREATS:


• Software documentation and storage media destroyed by fire

• Software damaged from water and debris

• Sensitive information disclosed because sensitive software media is scattered
throughout uncontrolled access areas

• Use of software denied because operational copies of software are damaged by
water debris.


b. IMPACTS FROM INTENTIONAL HUMAN THREATS:


• Software is destroyed because of a trap door that was undetected because of poor
configuration management procedures

• Software is damaged through neglect in handling and storage

• Software use denied because a virus caused erasure

• Sensitive information disclosed because an unauthorized user masqueraded as a
legitimate user.


c. IMPACTS FROM UNINTENTIONAL HUMAN THREATS:


• Software is damaged because operator failed to write protect media

• Software is destroyed by accidentally deleting the program

• Sensitive information disclosed as a result of programming error which causes
sensitive data to be misrouted to unauthorized output device.

• Software use denied because of program loading problems.


d. IMPACTS FROM ENVIRONMENTAL THREATS:


• Use of software denied because of power outage

• Software destroyed by water as a result of a break in an overhead water pipe

• Software damaged by surge in power

• Sensitive information disclosed because software was accessible by unauthorized
personnel repairing structural defects.

DEPARTMENT OF ENERGY ADP SYSTEM RISK ASSESSMENT
STEP 4: SAMPLE IMPACTS OF THREATS TO AND VULNERABILITIES OF ADP SYSTEM PROCEDURES, ADMINISTRATION AND MANAGEMENT
RESOURCE TABLE R4.6


a. IMPACTS FROM NATURAL THREATS:


• ADP center's contingency plan has never been tested, so recovery from
destruction caused by a major flood is very slow.

• Absence of life-cycle configuration documentation hampers the task of rebuilding
the damaged system.

• Sensitive information disclosed because tornado has scattered material
throughout uncontrolled access area.


b. IMPACTS FROM INTENTIONAL HUMAN THREATS:


• System documentation is destroyed by arsonist attack.

• System documentation is damaged because vandals have maliciously shredded
all manuals.

• Carelessness in protecting recent security test and evaluation results leads to their
theft by campus hackers.


c. IMPACTS FROM UNINTENTIONAL HUMAN THREATS:


• Inattention to basic housekeeping procedures leads to serious system
malfunction caused by dust and debris entering the system.


d. IMPACTS FROM ENVIRONMENTAL THREATS:


• Documentation is damaged because of extreme humidity.

• Routine maintenance checks of sprinkler system are neglected after staff
reductions occur, leading to a costly repair.

[Map caption fragment: ...dence of thunderstorm days (days on which thunderstorms
are observed) for the United States.]


DEPARTMENT OF ENERGY ADP SYSTEM RISK ASSESSMENT
STEP 4: LEGEND FOR MAP OF DOE FACILITIES IN THE U.S.
RESOURCE TABLE R4.7d (Page 2)

HEADQUARTERS:
CSTM  Computer Services and Telecommunications Management
EIA  Energy Information Administration
OCRWM  Office of Civilian Radioactive Waste Management

OPERATIONS OFFICES:
AL  Albuquerque
CH  Chicago
ID  Idaho
NV  Nevada
OR  Oak Ridge
RL  Richland
SAN  San Francisco
SR  Savannah River

ENERGY TECHNOLOGY CENTERS:
METC  Morgantown
PETC  Pittsburgh

POWER ADMINISTRATIONS:
APA  Alaska
BPA  Bonneville
SEPA  Southeastern
SWPA  Southwestern
WAPA  Western Area

COMPLEXES: (Generally, a complex includes an operations office and one or more
research, test, and/or production facilities that are government-owned and
contractor-operated.)
HAN  Hanford
NVC  Nevada
ORC  Oak Ridge
SRC  Savannah River

PRODUCTION FACILITIES:
KCD  Kansas City Plant
MF  Mound Facility
PX  Pantex Plant
PIA  Pinellas Plant
PORTS  Portsmouth Ohio Enrichment Facility
RFP  Rocky Flats Plant
WHCO  Westinghouse Materials Company of Ohio

RESEARCH AND DEVELOPMENT FACILITIES:
AMES  Ames Laboratory
ANL  Argonne National Laboratory
BAPL  Bettis Atomic Power Laboratory
BNL  Brookhaven National Laboratory
FNAL  Fermi National Accelerator Laboratory
GA  GA Technologies, Inc.
GJPO  Grand Junction Project Office
INEL  Idaho National Engineering Laboratory
ITRI  Inhalation Toxicology Research Institute
KAPL  Knolls Atomic Power Laboratory
LBL  Lawrence Berkeley Laboratory
LLNL  Lawrence Livermore National Laboratory
LANL  Los Alamos National Laboratory
MIT-LNS  Massachusetts Institute of Technology - Laboratory for Nuclear Science
NMFECC  National Magnetic Fusion Energy Computing Center
ORAU  Oak Ridge Associated Universities
PPPL  Princeton Plasma Physics Laboratory
SNLA  Sandia National Laboratories, Albuquerque
SNLL  Sandia National Laboratories, Livermore
SERI  Solar Energy Research Institute
SLAC  Stanford Linear Accelerator Center
WIPP  Waste Isolation Pilot Plant

OTHER DEPARTMENTAL COMPONENTS:
NPOSR-CUW  Naval Petroleum and Oil Shale Reserves in Colorado, Utah, and Wyoming
NPRC  Naval Petroleum Reserves in California
OSTI  Office of Scientific and Technical Information
SPRO  Strategic Petroleum Reserve Project Management Office
REVIEW AND SELECT COUNTERMEASURES OR ACCEPT CURRENT RISK PROFILE

STEP 5

GENERAL PURPOSE OF STEP 5: The purpose of Step 5 is two-fold. It provides an
opportunity to review available countermeasures in each of the security discipline
areas and decide which ones are appropriate for implementation to counter the
threat impacts identified in Step 4. However, if your review of threat impacts does
not result in the identification of any new concerns, and confirms that your
security program fully addresses the possible threats for your system and site, then
Step 5 also allows you to acknowledge this by accepting your current risk profile
in each or all of the security discipline areas.

STEP 5 END-PRODUCTS: This step will result in (1) a prioritized list of
countermeasures for implementation in each of the security discipline areas; OR
(2) a formal acceptance of your current risk profile, based on a documented
review and analysis of possible threat impacts to your system.


IT IS RECOMMENDED THAT YOU REVIEW STEP 5 IN ITS ENTIRETY BEFORE STARTING. IF
YOU ALREADY HAVE INFORMATION THAT FULFILLS THE OBJECTIVES OF STEP 5, AND/OR
PREFER TO DEVELOP IT USING AN ALTERNATE RISK ASSESSMENT METHOD, YOU MAY PROCEED
TO THE EXECUTIVE SUMMARY AND COMPLETE THE BLOCK FOR STEP 5. BE SURE TO NOTE
WHAT SOURCES AND/OR METHODS WERE USED TO DEVELOP THIS INFORMATION. ATTACH
COPIES OF ANY SUPPORTING DOCUMENTATION TO ENSURE THAT THE INFORMATION ENTERED ON
YOUR EXECUTIVE SUMMARY IS FULLY SUPPORTED.


GETTING  STARTED 


1. Open to your copy of the Executive Summary and the Step 5 Worksheet in
Volume II. The Step 5 Worksheet is located at the Step 5 Worksheet tab. Note
the similarities between the Executive Summary, Step 5 Block and the Step 5
Worksheet. If you would like to record the results of your countermeasures
review directly on the Executive Summary, Step 5 Block, you may. Otherwise, use
the Worksheet provided as a strawman, first-cut version.

2. Familiarize yourself with the Step 5 Resource Tables R5.1a - R5.1h,
Countermeasures Guidance. Note that there is a Resource Table that provides
countermeasures guidance for each of the 8 security discipline areas listed in
column (a) of the Step 5 Worksheet. A brief review of these 8 Resource Tables
by individual discipline area is provided below:

- Resource Table R5.1a, Countermeasures Guidance for Physical Security: This
table provides countermeasures for controlling access to and protecting the
physical building, computing area/room, computing resources, support items,
storage areas, and all human resources.

- Resource Table R5.1b, Countermeasures Guidance for Personnel Security: This
table provides countermeasures for ensuring that personnel access to and use of
computing resources (hardware, software, data) is properly controlled.

- Resource Table R5.1c, Countermeasures Guidance for Information Security: This
table provides countermeasures for the protection of all hard-copy
(non-electronic) information.

- Resource Table R5.1d, Countermeasures Guidance for Communications: This table
provides countermeasures for the protection of all communications equipment,
interfaces (wires, cables, lines, etc.), and the data transmitted on/by them in
support of ADP processing/operations.

- Resource Table R5.1e, Countermeasures for Emissions Security (TEMPEST): This
table provides countermeasures for the protection (from interception) of any
emissions (signals, data) produced by electronic (ADP) systems.

- Resource Table R5.1f, Countermeasures for Computer Security: This table provides
countermeasures for the protection of the total ADP system (hardware, software,
and data).

- Resource Table R5.1g, Countermeasures for Administrative/Procedural Security and
Security Management: This table provides countermeasures dealing with the
establishment and management of a security organization and program necessary to
support day-to-day operations while meeting security procedural requirements. (It
should be noted that procedures specific to a security discipline area, such as
procedures for configuration management or system testing, are set forth under the
appropriate discipline (Computer Security in this example).)

- Resource Table R5.1h, Countermeasures for Environmental Security and Safety: This
table provides countermeasures for ensuring that ADP resources and personnel are
protected from environmental accidents, incidents, malfunctions, etc.

The countermeasures listed in the Step 5 Resource Tables are not intended to be
all inclusive. The lists provide a fairly comprehensive treatment of the most
prevalently used countermeasures in a specific security discipline area.
Additional countermeasures guidance can be found by consulting the Guideline's
Annotated Bibliography, Sections 5 and 6.

3. Keep in mind that countermeasures in one discipline area may actually protect
assets in more than one area. For example, an administrative countermeasure may
provide protection to communications assets, personnel, and the physical facility.
Therefore, you should review all the countermeasures tables, not just the one in
which you identified a vulnerability in Step 4.

4. The countermeasures listed in the Step 5 Resource Tables are organized,
whenever possible, into common groupings (e.g., equipment-related, procedures,
etc.). Note also that selected entries have a check mark next to them in the left
hand margin. These check marks indicate that the particular countermeasure is
generally easy to implement at a fairly low cost.

5. If any of the countermeasures listed in the Step 5 Resource Tables are
unfamiliar, consult the Guideline's Glossary for clarification.

6. Finally, obtain any materials that already exist which may be helpful in
completing this countermeasures review and selection, and/or which you may desire
to use as supporting documentation for attachment to the Executive Summary.
Helpful materials include countermeasures recommendations made in prior
Compliance Reviews, audits, security test and evaluation results, reports
documenting the results of formal inspections and evaluations, Computer Security
Program Reviews, and Management Reviews. Should any of these materials partially
or fully meet the objectives of Step 5, document this on the Executive Summary and
reference or append this documentation.

7. You may also find it useful to refer to Resource Table R5.1i, Guidance for
Determining Costs of Countermeasures, and to current issues of security-related
product magazines and literature in order to develop approximate cost estimates
for countermeasures. Your local security organization will most likely be able to
provide you with product related information and associated cost estimates.

8. Proceed to Step 5, Worksheet W5, Countermeasures Review and Identification.
INSTRUCTIONS FOR WORKSHEET W5, COUNTERMEASURES REVIEW AND IDENTIFICATION


GENERAL PURPOSE OF WORKSHEET W5: The purpose of this worksheet is to identify and
select countermeasures appropriate for your system that are useful in countering or
precluding the threat impacts identified in the previous Step. Further, it allows
you to record the priority in which selected countermeasures should be implemented,
to identify alternate approaches if such exist, and to provide an approximate cost
for implementing the countermeasure (either a $ estimate or an approximate amount of
labor time required).

1. Complete Block 1 of the worksheet identifying your system.

2. Review the Step 5 Resource Tables (a - h) and place an "x" next to the
countermeasures that would be useful in offsetting the threat impacts to a specific
asset that you identified in Step 4. If you have determined that your current risk
profile in each of the security discipline areas is acceptable and you choose not to
implement further countermeasures, note "NONE" under column (a). Note also that in
some cases, selected threats may persist regardless of the fact that perfectly
appropriate countermeasures have already been implemented (e.g., accidents). For
these cases, the response "NONE BEYOND THOSE IN-PLACE" should be recorded. For
those discipline areas in which you have identified necessary countermeasures to
protect one or more assets, summarize your selections in the appropriate sections of
the Countermeasures Review and Identification Worksheet, column (a). If there are
several options available for countering a threat impact, or if a countermeasure
provides benefits to more than one asset, note this on your worksheet as well.

3. After you have completed your countermeasures selection, develop approximate
("ballpark") costs for implementing the chosen countermeasures. The estimate may
either be an approximate $ amount or may reflect the approximate amount of labor
time that would be required to implement the measure. Resource Table R5.1i provides
general guidance on labor costs for your use in making these estimates. For
specific equipment items, refer to the security product literature to develop rough
approximate costs. Enter the estimates in column (c), Approximate Cost.

When estimating the cost of countermeasures, keep in mind that if it was determined
that the asset requires additional countermeasures, then the cost of the
countermeasures does not have to be very precise for these purposes. The
countermeasure cost has to be at least a reasonable amount LESS than the total
estimated value of the asset. For example, an approximate $1,000 expense to back-up
a critical $10,000 data base would be justified. It should be noted that the
maximum acceptable cost of any countermeasure should be limited by the size of the
expected losses which would be mitigated by that countermeasure.

4. After you have developed these general cost estimates, determine the priority
order in which the countermeasures should be implemented. (Refer to the
prioritization that you made in the Step 4, Threat and Vulnerability Review as
guidance here to be sure the prioritization reflects your order of concern for the
threat impacts that are identified there.) You may sequentially rank the order in
which these countermeasures should be implemented (e.g., 1st, 2nd, 3rd, etc.) or you
may again wish to use the following scheme:

(1) - Fix immediately

(2) - Fix within the next 6-12 months

(3) - Fix if and when resources become available.

Enter your priorities in column (d) of the Worksheet and note the Target Date that
each countermeasure should be in place in column (e).
5. After you have completed your countermeasures review and identification, it is
again suggested that you convene a meeting of colleagues who are knowledgeable about
the system and conversant with security matters. This informal meeting is suggested
as a "sanity checkpoint" to discuss the results of your review in order to ensure
completeness and provide different perspectives on the countermeasure selections
made. (This type of meeting was also utilized in Step 4 to review and make final
decisions regarding threat impacts. If desired, you may wish to review and select
your countermeasures during this same forum.)

6. Summarize the results of Step 5 in the Step 5 Block of the Executive Summary.
In column (a) note: whether you accept the current risk profile without
implementation of any additional countermeasures (answer "Yes"); whether you accept
the risk profile only with implementation of the countermeasures identified (answer
"Yes IF"). If you still do not believe it is wise to accept the current risk
profile for your system even WITH implementation of the countermeasures you
identified, answer "NO" in column (a) of the Step 5 Block of the Executive Summary
and explain why this is the case. Summarize the rest of your Worksheet's final
results in columns (b), (c), (d), and (e).

7. Proceed to final Step 6 of the Guideline, Obtain Accountability: Management
Understanding of Your Risk Profile and Countermeasures Required.
DEPARTMENT OF ENERGY
ADP SYSTEM RISK ASSESSMENT

COUNTERMEASURES GUIDANCE: PHYSICAL SECURITY

STEP 5 RESOURCE TABLE R5.1a


ACCESS CONTROL

  • Card entry system
  • Badging system
✓ • Locks
    - Padlocks
    - Cyphers (electronic; mechanical)
    - Combination
    - Key
  • Fingerprint system
  • Retinal scan system
  • Voice print system
  • Hand-geometry system
✓ • Restricted area sign
✓ • Access control lists
  • Guard forces


INTRUSION DETECTION

  • CCTV
  • Alarms
    - Balanced magnetic switches
    - Motion
    - Volumetric
    - Infrared


BARRIERS

  • Perimeter fences
  • Vehicle barricades
✓ • Security containers
  • Vent/duct man barriers
  • Brazed hinge pins
  • Facility construction (solid wood or metal doors; solid and slab-to-slab
    construction or equivalent walls; opening >96 square inches secured)


PROCEDURES

✓ • Visitor (includes delivery, maintenance personnel) access controls
    - Logs
    - Authorizations
    - Supervision (escorts)
✓ • Lock up procedures
  • After duty hour access controls
✓ • Emergency response procedures
✓ • Access control procedures
  • Security container use
✓ • Inventory, accountability, safeguarding keys, locks, badges, etc.
✓ • Security violation reporting
✓ • Security Officer
✓ • Security awareness education and training
  • Searches and inspections
DEPARTMENT OF ENERGY
ADP SYSTEM RISK ASSESSMENT

COUNTERMEASURES GUIDANCE: PERSONNEL SECURITY

STEP 5 RESOURCE TABLE R5.1b


✓ • Initial and continued screening and evaluation
  • Training
  ✓ - Operational
  ✓ - Security awareness
  ✓ - Cross training
  • Security clearance
✓ • Separation of duties
✓ • Open-door policy
DEPARTMENT OF ENERGY
ADP SYSTEM RISK ASSESSMENT

COUNTERMEASURES GUIDANCE: INFORMATION SECURITY

STEP 5 RESOURCE TABLE R5.1c


  • Procedures for:
    - Identifying sensitive data/information
    - Assigning sensitivity levels
    - Marking and labeling data/information
    - Handling and storing data/information (i.e., a closed storage policy)
    - Disseminating data/information
    - Destroying data/information (to include all non-clearable media)
    - Limiting access to back-up files
    - Preparing contingency plan for loss of back-up data
    - Verifying accuracy of information
  • Classification Guides
  • Access Controls
    - Security containers
    - File cabinets
    - Cover sheets
DEPARTMENT OF ENERGY
ADP SYSTEM RISK ASSESSMENT

COUNTERMEASURES GUIDANCE: COMMUNICATIONS SECURITY

STEP 5 RESOURCE TABLE R5.1d


  • Protected distribution system
  • End-to-End encryption
  • Link encryption
  • Key management
✓ • Error detection and recovery
    - Parity checks or checksums
    - Error correcting codes
✓ • Event handling and recovery
✓ • Backup and redundancy
  • Dial-back modems
✓ • Configuration management
✓ • Patching procedures
  • Handshaking
  • Liveness checks
  • Noise filters
  • Synchronized clocks
  • Trusted network interface
  • Timestamping
  • Traffic padding
  • Choke packets
  • Community of interest separation
  • Crosscheck or summary reconciliation
✓ • Fault detection, isolation and tolerance
✓ • Flow/routing control
  • Digital signatures
  • Notarization
  • Priority indicator
  • Security guard mechanism
  • Sequence numbering


NOTE: See the Glossary for explanation of countermeasures.
DEPARTMENT OF ENERGY
ADP SYSTEM RISK ASSESSMENT

COUNTERMEASURES GUIDANCE: EMISSIONS SECURITY (TEMPEST)

STEP 5 RESOURCE TABLE R5.1e


  • TEMPEST Certified Equipment
  • Physical Control Zone
  • RED/BLACK Engineering
  ✓ - Separation of lines
  ✓ - Separation of equipment
  • TEMPEST Tests and Inspections
  • Filters
  • Fiber Optic Cabling
  • Shielding
    - Building
    - Equipment
    - Cables
    - Room
DEPARTMENT OF ENERGY
ADP SYSTEM RISK ASSESSMENT

COUNTERMEASURES GUIDANCE: COMPUTER SECURITY

STEP 5 RESOURCE TABLE R5.1f


SOFTWARE

  • Security policy
  • Identification and authentication
    - Log on identification
    - Passwords
    - Smart cards
    - Retinal scans
    - Hand geometry scans
    - Keys
    - Voice prints
    - Digital signatures
    - Encryption
    - Access control lists
  • Accountability of equipment, software and data
  • Log-on attempts restricted
  • Automatic terminal time-outs
  • Audit trail records and reviews
  • Security software packages
  • Security labels
  • Memory and data/file/program storage protection
    - Base and bounds registers
    - Magnet detecting equipment
    - Locks and keys
    - Tagged memory
    - Declassification and clearing
    - Degausser
    - Backup
    - Backup storage on and off site
    - Secure storage for master copies
    - Data validation and integrity checks
    - Encrypt files
    - File access restrictions
  • Configuration Management
  ✓ - Software change authorization process
  ✓ - Structured design and programming
  ✓ - Software evaluation and testing of new and modified software
  • System alarms
  • Access Controls
  ✓ - Programs
  ✓ - Data
  ✓ - Documentation
  • Domain isolation
  • Penetration analysis and testing
  • Recovery management
  • Test and production software and data separation
  • Security kernel
  • Procedures
  ✓ - Backup
  ✓ - Declassifying and clearing
  ✓ - Destruction of classified material
  ✓ - Media marking, accountability, inventorying, handling, storing
  ✓ - Input and output controls
  ✓ - Certification
  ✓ - Software documentation
  ✓ - Password management/password changes
  ✓ - Tape and disk cleaning
  ✓ - Smoking, eating and drinking restrictions


HARDWARE

  • Chain of custody controls
  • Device identification
  • Backup and redundancy
  • Configuration management
  • Contingency planning
  • Console log
  • Interrupt handling
  • Lock-down devices
  • Access controls
  • Grounding
✓ • Recovery management
✓ • Fault detection, isolation tolerance
  • Hardware protocol verification
✓ • Execution domains
  • Procedures
  ✓ - Shutdown and restart procedures
  ✓ - Preventive maintenance
  ✓ - Reconfiguration
DEPARTMENT OF ENERGY
ADP SYSTEM RISK ASSESSMENT

COUNTERMEASURES GUIDANCE: ADMINISTRATIVE/PROCEDURAL SECURITY
AND SECURITY MANAGEMENT

STEP 5 RESOURCE TABLE R5.1g


[Apart from the first entry, the left-margin check marks of this table are
not legible in this copy.]

✓ • Separation of duties
  • Standard operating procedures
  • Security incidents
  • Facility and system access controls
  • System operation
  • Backup
  • Emergency response
  • Housekeeping
  • Risk management
  • Contingency planning
  • Security tests and evaluations
  • Certification
  • Accreditation
  • Open door policy
  • Establishment of computer security organization
  • Designation of officials with specific duties and responsibilities
  • Recovery management
DEPARTMENT OF ENERGY
ADP SYSTEM RISK ASSESSMENT

COUNTERMEASURES GUIDANCE: ENVIRONMENTAL SECURITY AND SAFETY

STEP 5 RESOURCE TABLE R5.1h


[The left-margin check marks of this table are not legible in this copy.]

  • Power protectors
  • Uninterrupted power supply
  • Surge protectors
  • Power plant physical security
  • Emergency lighting
    - Grounding (equipment and floor mats)
  • Power off control switch
  • Fire protection
  • Fire detectors
  • Fire suppression system
  • Portable fire extinguishers
  • Fire dampers in duct work
  • Fire rated walls and partitions
  • Noncombustible construction materials and furnishings
  • Smoke exhaust systems
  • Fire fighting teams
  • Water protection
  • Water drains
  • Water sensors
  • Humidity recording device and sensors
  • Plastic sheeting for equipment
  • Procedural
  • Good housekeeping
  • Emergency evacuation
  • Environmental system preventative maintenance
  • Temperature recording device and sensors
  • Anti-static carpeting
  • Dust covers and filters
  • Building code compliance


DEPARTMENT OF ENERGY
ADP SYSTEM RISK ASSESSMENT

GUIDANCE FOR DETERMINING COSTS FOR COUNTERMEASURES

STEP 5 RESOURCE TABLE R5.1i


For Prices of "Off-the-Shelf" Security Products:

Consult security products catalogs and advertisements,
as well as government price schedules and local vendor
price lists available from your organization's Procurement
and/or Security Office.


For Labor Costs:

Develop the total cost by multiplying approx. hours
spent times labor cost per hour. Accepted labor costs
for your use are provided:

  • Clerical: $5-10/hr.
  • Junior Professional or Programmer: $15-20/hr.
  • Senior Professional or Programmer: $20-30/hr.


Approximate no. of work hours per:
(Holidays and weekends are not included)

  1 Year: 2,080
  6 Months: 1,040
  1 Month: 170
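
The cost and priority bookkeeping of Worksheet W5 (instructions 3 and 4), using the labor rates of Resource Table R5.1i, can be automated as in the following added example, which is not part of the original guideline. The names `Countermeasure`, `cost_range`, `is_justified`, `build_worksheet` and `budget_by_priority` are hypothetical, the sample entries are constructed (only the $1,000 back-up of a $10,000 data base comes from the text), and comparing the high end of the estimate against the ceiling is an assumed reading of "a reasonable amount LESS".

```python
from dataclasses import dataclass

# Hourly labor rates in dollars (low, high), copied from Resource Table R5.1i.
LABOR_RATES = {
    "clerical": (5, 10),
    "junior": (15, 20),   # Junior Professional or Programmer
    "senior": (20, 30),   # Senior Professional or Programmer
}

# Priority scheme from the Worksheet W5 instructions, item 4.
PRIORITIES = {
    1: "Fix immediately",
    2: "Fix within the next 6-12 months",
    3: "Fix if and when resources become available",
}


@dataclass(frozen=True)
class Countermeasure:          # hypothetical record for one worksheet line
    discipline: str            # security discipline area
    name: str                  # column (a): countermeasure selected
    priority: int              # column (d)
    target_date: str           # column (e)
    loss_ceiling: float        # asset value / expected loss mitigated, dollars
    purchase: float = 0.0      # off-the-shelf product price, dollars
    labor: tuple = ()          # ((labor category, hours), ...)


def cost_range(cm):
    """Column (c): approximate cost as a (low, high) dollar range."""
    low = high = float(cm.purchase)
    for role, hours in cm.labor:
        if role not in LABOR_RATES:
            raise ValueError(f"unknown labor category: {role!r}")
        if hours < 0:
            raise ValueError(f"negative hours for {cm.name!r}")
        lo_rate, hi_rate = LABOR_RATES[role]
        low += hours * lo_rate
        high += hours * hi_rate
    return low, high


def is_justified(cm):
    """Assumed rule: even the high estimate must stay below the ceiling."""
    return cost_range(cm)[1] < cm.loss_ceiling


def build_worksheet(entries):
    """Validate entries; return rows ordered by priority, then by cost."""
    rows = []
    for cm in entries:
        if cm.priority not in PRIORITIES:
            raise ValueError(f"priority must be 1, 2 or 3: {cm.name!r}")
        low, high = cost_range(cm)
        rows.append({
            "discipline": cm.discipline, "name": cm.name,
            "cost_low": low, "cost_high": high,
            "priority": cm.priority, "action": PRIORITIES[cm.priority],
            "target_date": cm.target_date, "justified": is_justified(cm),
        })
    rows.sort(key=lambda r: (r["priority"], r["cost_high"]))
    return rows


def budget_by_priority(rows):
    """Sum the (low, high) cost of justified countermeasures per priority."""
    totals = {}
    for r in rows:
        if r["justified"]:
            low, high = totals.get(r["priority"], (0.0, 0.0))
            totals[r["priority"]] = (low + r["cost_low"], high + r["cost_high"])
    return totals


# Constructed sample entries. Only the $1,000 back-up of a $10,000 data base
# comes from the guideline text; every other figure is made up for the demo.
SAMPLE_ENTRIES = [
    Countermeasure("Physical Security", "Retinal scan system", 3, "TBD",
                   loss_ceiling=8000, purchase=12000, labor=(("junior", 16),)),
    Countermeasure("Environmental Security and Safety",
                   "Metal container for paper supplies", 2, "06/90",
                   loss_ceiling=2000, purchase=300, labor=(("clerical", 4),)),
    Countermeasure("Administrative/Procedural Security",
                   "Rewrite access control procedures", 1, "01/90",
                   loss_ceiling=5000,
                   labor=(("senior", 40), ("clerical", 8))),
    Countermeasure("Computer Security", "Back up critical data base", 1,
                   "01/90", loss_ceiling=10000, purchase=1000),
]

if __name__ == "__main__":
    for row in build_worksheet(SAMPLE_ENTRIES):
        flag = "" if row["justified"] else "  <-- cost exceeds ceiling"
        print(f'{row["priority"]}  {row["name"]:<36} '
              f'${row["cost_low"]:,.0f}-${row["cost_high"]:,.0f}  '
              f'{row["target_date"]}{flag}')
```

Entries flagged as exceeding the ceiling stay on the worksheet but are left out of the per-priority budget, so they can be raised at the "sanity checkpoint" meeting of instruction 5.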
OBTAIN ACCOUNTABILITY:
MANAGEMENT UNDERSTANDING OF RISK PROFILE AND COUNTERMEASURES REQUIRED

STEP 6


GENERAL PURPOSE OF STEP 6: Step 6 is the final step in the risk assessment
process. It is a highly critical step, one that is often overlooked or
neglected. The purpose of Step 6 is to provide management with an understanding
of and obtain their accountability for the decisions and choices made throughout
the risk assessment process. It provides a mechanism for reviewing the risk
assessment results with management and discussing resource requirements for
implementing the countermeasures identified.

STEP 6 END-PRODUCTS: There are no worksheets for final Step 6. The Executive
Summary Block for Step 6, Management Understanding of Risk and Countermeasures
Required, provides a sign-off area for your management to review the results of
the risk assessment, and accept the current risk profile. This sign-off is the
final end-product.


1. Enter your name on the line provided in the text of the Block 6 paragraph
(at "Your Name") indicating that you performed the risk assessment, and enter
the system for which the risk assessment was performed (at "system").

2. Present the results of the risk assessment to your management, using the
Executive Summary pages to streamline the review and sign-off process. Use the
Executive Summary pages to develop a management briefing to describe risks, to
present upgrade recommendations, and to reach consensus on dollar requirements
and implementation timetables.

3. Upon completion of the management review, obtain the required sign-off
signatures. For the Unclassified Computer Security Program, sign-off is
required by the Computer Protection Program Manager. For the Classified
Computer Security Program, sign-off is required by the Computer Security Site
Manager and, as appropriate, the Computer Security Operations Manager.
COMPLETED SAMPLE

RISK ASSESSMENT OF AN ANONYMOUS DOE COMPUTER CENTER


GENERAL INFORMATION

The Center is located in a one story cement building inside a
fenced compound. The compound itself has a guard at the main
entrance of the south parking lot. All visitors are required
to register with the receptionist located in the main lobby.
Information on all visitors is entered into a database. A
visitor is given a badge and is escorted from one building to
another by assigned personnel. Upon leaving, the visitor must
sign out and return the badge.

Access to the computer room itself is limited to the
operators, system managers who are employed by the site
contractor, and several individuals from the Information
Systems Management Division. All janitorial services to the
computer room are performed during the work day when an
operator is on duty. To enter the computer room, authorized
personnel must go through a card access system. Authorization
for entry into the computer room is controlled by DOE
personnel.

There is one major user entrance to the computing facility.
All users have free access to the user's area 24 hours a day.
The computer room is manned five days a week from 7:30 a.m.
till 4:30 p.m. Security personnel monitor the computer room
during periods when the computer room is not manned.

The facility processes sensitive/unclassified data. The
creation and use of classified software and data is not
authorized on any computer.
EXECUTIVE SUMMARY

DEPARTMENT OF ENERGY
ADP SYSTEM RISK ASSESSMENT

EXECUTIVE SUMMARY

PAGE 1


1a. GEOGRAPHIC AND ADMINISTRATIVE INFORMATION

System Name/Identification: Anonymous DOE Computer Center
Organization/User: Information Systems Division
DOE Facility Name: Sibart Labs Inc.
Site/Location: BraauH Building
Facility Address: Diskattavilla, New Jersey

CSSO or Person Performing Risk Assessment:
Name: ffeger Risk
Organization: Communication's ADP Center
Location: Al Laboratory
Phone No.: (000) xxx-0000


1b. PRIMARY SYSTEM USE

  • Academic/Research
  • Administration Management
  • Engineering/Design
  • Scientific/Technical
  • Manufacturing/Production
  • Other


1c. SYSTEM CONNECTIVITY

  • Stand Alone System
  • Network System
    - LAN
    - WAN
    - Open
    - Closed


1d. TYPE OF SYSTEM

SMALL/SIMPLE SYSTEM

  • Memory Typewriter
  • Word Processor
  • Personal Computer
  • Smart Terminal
  • CAD/CAM/Graphics Workstation
  • Other:

LARGE/COMPLEX SYSTEM

  • CAD/CAM/Graphics Workstation
  • Super-Computer
  • Mini-Computer
  • Mainframe
  • Other:


1e. SUMMARY OF SYSTEM REPLACEMENT COSTS

Replacement Costs (Very Low / Low / Medium / High / Very High)

(1) Hardware Cost:
(2) Software Cost:
(3) Data Cost: High
(4) Total System Cost:


1f. STATUS OF SYSTEM BACK-UPS

Columns: YES: All Needed Back-ups Exist / NO: Additional Back-ups Are Needed /
Identify Additional Back-ups Required:

  • Software Back-ups
  • Data Back-ups
DEPARTMENT OF ENERGY
ADP SYSTEM RISK ASSESSMENT

EXECUTIVE SUMMARY

PAGE 2


2a. of SOFTWARE AND DATA

(1) SOFTWARE (APPLICATIONS, PROGRAMS):

  • Unclassified: 80 %
  • Sensitive Unclassified: 20 %
    If Applicable, Check:
    - Vital Records
    - UCNI
    - Privacy Act
    - OUO*
    - Other
  • Classified: 0 %
    - Highest Level
    - Applicable Categories (RD, FRD, NSI, PARD)
    - Mode of Operation

(2) DATA:

  • Unclassified: 60 %
  • Sensitive Unclassified: 40 %
    If Applicable, Check:
    - Vital Records
    - UCNI
    - Privacy Act
    - OUO*
    - Other
  • Classified: 0 %
    - Highest Level
    - Applicable Categories (RD, FRD, NSI, PARD)

* Possible future category.


2b. OVERALL IMPORTANCE OF THE SYSTEM, SOFTWARE, AND DATA

(Each item is rated Very Low / Low / Medium / High / Very High.)

1. SYSTEM

Number of Users: High
Frequency of Use: High
Impact if Unavailable:

2. SOFTWARE

Frequency of Use:
Impact if Unavailable:
Note Additional Back-up Requirements:

3. DATA

Frequency of Use: Medium
Impact if Unavailable:
Note Additional Back-up Requirements:
DEPARTMENT OF ENERGY
ADP SYSTEM RISK ASSESSMENT

EXECUTIVE SUMMARY

PAGE 3


3. BASELINE SECURITY REQUIREMENTS REVIEW

(1) BLSR BY SECURITY DISCIPLINE                      (a) ALL RQMTS. MET

a) Physical Security:                                Yes
b) Personnel Security:                               Yes
c) Information Security:                             Yes
d) Communications Security:                          Yes
e) Emissions Security (TEMPEST):                     N/A
f) Computer Security (Hardware and Software):        Yes
g) Procedural/Administrative Security and
   Security Management:                              Yes
h) Environmental Security and Safety:                No

For h) Environmental Security and Safety:

(b) NOTED DEFICIENCY(IES)                   (c) WILL DO BY   (d) COMMENTS AND/OR SUPPLEMENTARY UPGRADES

Walls don't meet fire rating standards.     N/A              Accepting risk
Value of equipment exceeds limitation.      12/89            When new room is available
Cables are bundled in too large a group.    2/90             Scheduled for correction
Paper supplies not in metal container.      11/89            Purchase required

(2) Based on results of Step 1 and Step 2, are the measures in-place sufficient given:

Hardware and Software: Cost(s)                               Yes / No
System Software and Data: Characteristics and Importance     Yes / No


Comments:
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DEPARTMENT  OF  ENERGY 

ADP  SYSTEM  RISK  ASSESSMENT 

EXECUTIVE 

SUMMARY 

PAGE 

4 

4. THREAT AND VULNERABILITY ANALYSIS REVIEW

Columns: (1) ASSET AREA; (a) THREATS AND VULNERABILITY(IES); (b) PROBABILITY (H, M, L); (c) PRIORITY OF CONCERN

a) Physical (Facility):
   Storms; H; 1
b) Personnel:
   Accidents; M; 1
   Emotional, mental, health problem; M; 2
   Sensitive data disclosure; H; 1
c) Information, Data, and Emissions:
   Lighting; H; 1
   Power Fluctuations; H; 1
d) Communications:
   Sabotage; M; 3
   Unauthorized access; M; 2
   Accidents; M; 1
e) Computer (Hardware & Software):
   Lighting; H; 1
   All environmental threats; M; 1
f) Procedures, Administration, and Management:
   Storms; M; 1
   All environmental threats; M; 1
g) Environmental Security and Safety:
   Storms; M; 1
   Fire; L; 2
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STEP  5 


DEPARTMENT  OF  ENERGY 
ADP  SYSTEM  RISK  ASSESSMENT 


EXECUTIVE  SUMMARY 


PAGE 

5 


5. COUNTERMEASURES IDENTIFICATIONS AND RISK PROFILE ACCEPTANCE

Columns: (1) SECURITY DISCIPLINE AREA; (a) ACCEPT CURRENT RISK PROFILE (YES OR NO); (b) COUNTERMEASURES TO BE IMPLEMENTED; (c) PRIORITY; (d) APPROX. COST; (e) TARGET DATE

a) Physical Security: Yes
   None beyond those in place
b) Personnel Security: No
   Establish procedures to notify supervisors of individual's clearance status; 0; 1; 10/89
c) Information Security: Yes
   None beyond those in place
d) Communications Security: Yes
   None beyond those in place
e) Emissions Security (TEMPEST): Yes
   None beyond those in place
f) Computer Security (Hardware and Software): Yes
   None beyond those in place
g) Procedural/Administrative Security and Security Management: Yes
   None beyond those in place
h) Environmental Security and Safety: No
   Move equipment to new computer room; 2; $500; 12/99
   Acquire metal containers for paper storage; 1; $350; 11/89
   Reduce bundle size of cables; 3; $900; 2/90
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department  of  energy 
ADP  SYSTEM  RISK  ASSESSMENT 


SYSTEM COMPOSITION, CONNECTIONS, AND CONFIGURATION

STEP 1

WORKSHEET W1.1

1. System Name/Identification: Anonymous DOE Computer Center

Organization/User: Information Systems Division

Primary Use: Scientific and technical R&D

Location(s): Brssult Bldg.; Dlsksttsvills, N.J.

Date: 2/27/89

2. Connections:

Stand Alone System: □

Network System:

LAN: □ WAN: □

□ : Open

□ : Closed

3.  Configuration  Diagram: 



CENTRAL  COMPUTER  FACILITY 
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mputing  Facility  Configuration  Diagram 
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department  of  energy 
ADP  SYSTEM  RISK  ASSESSMENT 


HARDWARE*  INVENTORY 
AND  COST 


STEP  1 


WORKSHEET 

Wl.Sd. 


tsiAA  [TCfr  /j 


1.  System  Nen»«/W*«<MIC«tl««:  _ 

OrgenizatienyUMr:  0'u\^\e>L. 


Primary  Uaa: 

Loeatian(a): 

Data: 


RA.-ta^tk Bu',ieli-,.j  . o; si'e  HaAlU  /O.  J~. 


a. 

Mardwaro  Invantory 

Replaeamant  Cost 

(a)  Raf.  No. 

Saaedpilon/Montfflaaltoo 

(b>  i AjmM  0 

» (a)  Raling 
(VM-VL) 

H.  , 

2 VAV  SO.50'5 

VH 

H . 2. 

1 VAV  'S’Sro 

H.  3 

1 VAX  §2cro 

\4 

H . M 

1 VAV  Ii  178-0 

v\ 

M . .7 

MuU  lijDi 

VH 

H • 

LP^)^D  PivLimTER 

U 

M • 7 

14  LPa7  Lime  ter 

H . C 

Pi  PLDTTS^  . (I44§ 

V\ 

H . ? 

H • /O 

Sawdalf 

vr^ 

M . 1 1 

X MSI 

M . /!■ 

1 H5(L  70 

H 

M.  13 

(D'Q'^:racK  ii^oc/ 5Ri-k)ipe  JrN£c 

vM 

M. 

7 

5 i^ecLW^Tfei^  DioPiAV  rsRMikiALS 

L 

H • / 7 

2.  %cc/bpi 6(riN/€C 

\\ 

M . 

1 Ool6r  qr/A/jhtci)  CojiiSr 

M 

^ Total  Paplacamam  C«al  t 


Rating  (VN.  M.  M.  U vg 


NOTE: Hardware refers to the computer, peripherals, printer, and environmental and special support items.
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department  op  energy 
adp  system  risk  assessment 


HARDWARE*  INVENTORY 
AND  COST 


STEP  1 


WORKSHEET 

wi.ab 


1 . Syctam 

PHmary  Um:  

Loe«tlon(»):  ' D)  c ic II 


tdZ^  C£^n^. 


CZ^C^tJ<>nfrujA.  Do  Pi  Co>^tdL^  < 

^<£J> 


/U  .3-. 


Data: 


2. 

Hardwaro  Inaamofv  ( Raplacamant  Coal 

(a)  Paf.  Na 

HoaeripMoB/tdantMaalioo 

HD^  jr  AiM^  0 

k (e>  Raling 
(VI^VL) 

H. 

GeAP^nat)  -hibl-eA- 

• 

L 

"•  If 

c 

H . 

2 VT120  4eriv\inaij 

VL 

H-IO 

lAniT  pTiiUer 

L 

H.  21 

--hxo^  (iJUOu  r^A, 

+1 

H • 2,1 

■7  4e/rrv\ira-t 

H . 

(l^  VVrV\U/>>  l02rft.9V\o  K^uiP 

vH 

H.a4 

VL 

M • 2T 

2?  /U>uUi  iji'£4Ci/r 

L 

M 

(UrMrol 

H 

M . J.7 

TUA  -so  d.riv/€s 

M 

H . 2 ^ 

TRfiOCtf  Tpfs*;  tej'jes- 

^A 

M.Z^ 

■^++<a.  olo+ter 

M 

H . do 

20  I6v0  6p^‘€d.  rvioX-e/ws 

L 

H • yl 

Limb  AfO/^LVi^eR 

L 

H . 3z. 

a Ward  (icpo(  UM1T5 

VC 

Total  Raplaeamant  Coal  t 3W.  VO  I >J.  CL  ^ 


NatlAg  (VM,M,II.UVU 


NOTE: Hardware refers to the computer, peripherals, printer, and environmental and special support items.


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department  op  eneroy 

AOP  SYSTEM  RISK  ASSESSMENT 

HARDWARE*  INVENTORY 

AND  COST 

STEP  1 

WORKSHEET 

W1.2C 

1.  SyataR 
Organ 

Primar 

Loeati< 

Data: 

. M.fiiAddaiilHIdattOA:  ujA.  DCPr  Ci^fUiX, 

)n(a):  B^OA^Lh:  ^/c{^  » * P'islTetfei/Jte.  /O.X. 

2. 

' Mardwar*  Inaantory  ' 

Rofladamafit  Coal 

(a)  Raf.  Na 

, OaaarfdUdfi/Mafttffloattaa 

f»|pAdmiid"o 

|(a)  RaWng 
<VH.VL) 

h.^3 

i 4DIM  4^.  4-erA/irvab 

L 

H.SLj 

P/VPerR  -5++e.fcOi5ei< 

u 

H-i-f 

LuOSfl.  iQtsSr  i:irn\-ier 

\IL 

H •3(<? 

VL 

H -3)7 

AlR  COMDlTiOM  iKiCo  UMIT^ 

\A 

h-3^ 

P^/e^e/V/li-  CeHpUTS-l? 

U. 

H • 

H • 

H . 

H • 

H • 

H • 

H • 

H . 

■ 

H . 

M . 

% Total  Radiaeamam  Coat  t or  Radnfl  CVM.M,II,UVU 

NOTE: Hardware refers to the computer, peripherals, printer, and environmental and special support items.




department  of  energy 
ADP  SYSTEM  RISK  ASSESSMENT 


SOFTWARE  • INVENTORY 
AND  COST 


STEP  1 


WOBKSHEET 

W1.3A. 


K ■ (XrHfn4,4-yr)r,tA^  Do  ^ 


Dp  P:  xdz*^ 


•g^  D. 


1.  Sytum  Namt/MMtHlealiMi: 

Orgcniiatien/Uaar 

Primary  Uaa: 


y.^.  /f^£> 


Data: 


2. 

- 

TfM 
..  tlarag  • 

■^WT: 

ChMafft 

BmImir 

. Rapioeamant  Coat 

(aj  Rat  Na. 

A^frPK. 
Wow' la' 
Ooaofop 

^(7>' :. ' 1 

^VC-.rOI 

(f) 

^ Rttln« 
<VH-VL) 

sw  • 1 

kAlL|NJ6  LAe)£Lf) 

b 

25-0 

L 

8W.  ^ 

Di^APriNJb  / bi^AvvJ'Nib 
doMTROC 

b 

U^.1) 

iro 

u 

8W.  ^ 

ORAU  PARTI  Cl  PaMT 
TRaC<IKj63  DATA6A5C 

b 

M5 

(JIOO 

N 

”*•  4 

TRA\i&  L PLANi  ^)V5T£  M 

b 

1 

7p 

M 

•*•  5 

f^CU^^TY  DATA  SV^TEM 

b 

ues 

L 

Cp 

total  Mai  AvJdE  (.ARL.^ 

b 

U<),5 

^/a 

sw  . 

SMPLOVeH  (5LM€ie,V  ^y^TOM 

b 

300 

I 

**•0 

Vlt?lTDRf)  RG2?i6TRAT1DN^ 

b 

1 

lji5 

250 

L 

sw.  q 

iM-Koote  Payroll 

b 

ut^ 

Q{»3 

Vh 

*'»•  10 

FAilroAESTS) 

b 

1 

(i'QjS 

2 375' 

P 

sw.  ,1 

PRoAeiiT  dcc>r 

b 

1 

L 

sw. 

Biooeisi.  uAiuhJG)  u^T 

b 

7 

llPfl 

575' 

L 

*'*•  15 

|iM format OM  C6MTBR 

ReSlU^T  L069 

b 

1 

MO 

\L 

PsR-iOMMeu 

b 

H 

•^•|5 

METbiCAL  I'tiATA 

b 

"7^0 

M 

Total  Raplacamaftt  Coat  $ 


M 


RottRfl  (VHH,M.UVg 


* Software includes all types of software, applications, and programs.


DEPARTMEMT  op  energy  software  * INVENTORY 

ADP  SYSTEM  RISK  ASSESSMENT  and  COST 

STEP  1 

WORKSHEET 

Wl.Jt 

1. 

Orgsnli 

MiMiy 

LoMitot 

Oat«: 

MMoMofilMaaliofit  _ Dt>P-  C,tT?yi^utC/i^ 

■V^7/^Y  ^ 

2. 

^florago 

^^MtAlor' 

•aotei^g 

iRaflaoaotaat  Cook  | 

(•J  RaC 

Howies 

Savof^ 

(fl'v-  :;. 
i Rating 
(VH-Vt) 

dOMTI^CT  RgPOI^T 

Re’C.fe'lPT  TI^CX.Il06> 

b 

i/'tb 

375" 

L 

’*•  17 

APPLICAfviT  DATA 

b 

lj0 

115' 

VL 

I*? 

(LoN^Tt^aT  (iLxaeouT'S 

b 

1 

l50 

L 

\q 

6T1D^£1^00M  IKi\J^TDR.V 

b 

1 

l^CO 

Hr 

SW.^^ 

ckkc3 

MA (Kirs' nV\MC£  MAKA(^G:M£yOT 

b 

M 

RiPA  Coi-b^ 

b 

1 

lj'^5 

152) 

L 

.w.22 

(^.OMPSRSKiCS  RS63lf)TRATlC3fO 

b 

752) 

L 

tw.  ^ 

OM-'^^re.  P/^Peery 
MAMAbBMEMT 

b 

7^3 

M 

**-i4 

opp-tjirG  peoPBi^ry 

MAMACofelUGMT 

b 

7 

iJ'PjS 

iVI 

PPOOJRGMGMT  FORM5 

b 

n 

/DOO 

M 

**‘21/ 

b 

T 

M 

•Yf  • ^ 

17 

b 

1“^ 

l5Z) 

U 

**'as- 

(LAbAS 

b 

1 

100 

L 

M65~riNjG>  <.  coMPeR.e.^>J(Le 

Mom  |T?DR.lNib 

b 

1 

i-yo 

L 

sw . 

\ Total  RaptaoamaM  Coal  t Set.  k)l.3oL  or  Ratlnt  (VKM,ll,t,vg 

*NOTE: Software includes all types of software, applications, and programs.




depabtment  op  energy 
adp  system^isk  assessment 


SOPTWAAE  * INVENTORY 
AND  COST 


STEP  1 


woPKSHirr 

W1.JC 


Pff7’c:yv^ 


1.  tytMm  NMM/MMiMMliMi 

OrganluUMi/UMc:  __  

Primary  Uap:  ^ S> 

Loeatlon<a):  ^ Pyj^Jae  ff-^  . . Aj^'S . 


Data: 


1. 

.4' 

Tfipa* 

vilarat# 

Ma4{«' 

Ooaar#' 

laafcMtp 

Ropiaeaaiaiit  Coal 

(aj  Pa  A Ho, 

' . 

APPI^ 
Ham  la 
9^ap 

UkUMUBk 

(f> 

t PaCnf 
(VH.Vt.) 

**•30 

Ll0^f^W  OOVJRMAL  Ca+aIoP 

b 

10  0 

L 

**-3J 

Trawsl  FLAn]  Cotti  > 

b 

liCi 

\lo 

L 

**-32 

v&M-idce  MAl'^4TeMA^Jce 

b 

1 

3?  10 

L 

60Frvj\)Ar^^  d^MVGtNlTD^V 

b 

116^ 

L 

•w 

2j(yPPLlK«  MjttirfOij 

b 

1 

Ho 

\L 

»W  ^ 

do<^(cLet/RDM  De-fXeri  MTiorJ 

3i-  r£M 

b 

150 

L 

sw  , 

ORa  J '^OPM^ 

b 

\ZT 

L 

•W.^^ 

20I2.0  ^do&skiJiA 

b 

*> 

n 

a7.33/  i7ea  CAtvtfviowc/iPi^/ns 

b 

ii^f? 

s 

f«> 

•W. 

/A 

b 

'> 

**-J0 

b 

vr 

0 

t) 

*41 

b 

(je5 

1 

p 

-> 

•w  . / 

4l 

d 

b 

( 

0 

**•43 

dCfcOL 

b 

r 

dM5 

1 

0 

0/d‘o 

i 

r% 



Total  PaplaaaaiaK  Caal  t IV  /.  3 ^ ar 


Pallfit  (VH.  H.  M.  U VI) 


• ^*OT^; 


aiiypaaaf  I 
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4^ 


department  op  energy 

ADP  SYSTEM^ISK  ASSESSMENT 


SOrrWARI  * INVENTORY 
AND  COST 


STEP  1 


woBKSHirr 

Wl.Sd 


PC^  Gl^UiZ 

ITryUrnrSL-^fr*^  Di»r.  fry. 

^r}  (X^tL  f ^Xy\\CM,t.  ^ 


I.  lyaMfli 

Org«nlMH«4VUMn 

Primary  U**:  ^ - _ 

LeMtiofKt):  ft/eU.  > 


Data: 


1. 

.■ITypa 

ilaraga 
. Ma4l» 

OOG^  • 

laaA^g 

tif^ 

r^& 

; Raglaeamaat  Caai 

.*s 

(aj  Par  No^ 

Apff^ 

Haawip 

Qa«af«f 

J Cf> 

^ PatlRp 
(VH>Vt.) 

iw.^^ 

dbb 

b 

tie^ 

*0 

^■4U 

bf^s 

b 

y'£.‘5 

0 

■» 

*47 

b 

r» 

-V 

b.>h»  ^LCA- 

b 

u«-^ 

0 

-> 

fw.^,^ 

DctLrujb 

b 

cn 

0 

GMcrut^h^m  'SsftuJCUiL 

b 

n 

t 

**•5, 

PMO 

b 

■> 

•w. 

'-w'<. 

Foer^ArO-?? 

b 

\ 

iw . - 

^ . 

- tiMT 

b 

■> 

(« 

’••cv 

UAtiP  COM/Uukiiccrficr^-^ 

b 

qg-5 

p 

rv 

iw  . 

J 

0 

'-1^$ 

**'a 

IMtiL 

b 

-^ 

IW  . ^-7 

^ / 

LA'J6aA6€  &^/roR. 

b 

0 

*'"'59 

LltP 

b 

q/’r^ 

sw.^^ 

MM'S- 

b 



Youi  Waplacawwwl  Coal  t K>l>3  cl  m 


RMtof  (VHH.li.UVU 


* NOTE: Software includes all types of
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department  op  enerqy 
ADP  8Y8TEIARISK  ASSESSMENT 


SOrrWANi  ® INVIHTORY 
AND  COST 


1.  syattm  Nmm/WmMmMmi 

OrganiutiMi/UMn 

Primanr 
Data: 


UasJSXkLft^ 

- 


9rtp  1 

woiKiMirr 

Wi.se 


^4C>, 


>• 

ini 

il^ 

flla^iooaoioflt' 

CoaS  1 

(aj  RaC:'  Now 

W..^>g7gsi 

HM*™- ,wr 

ew*^' 

* 

ftatfaf  1 
(VH-Vt^l 

^iJ£ 

b 

W-6 

' 

nJag 

b 

4ii. 

"n:) 

'> 

Pl^ll  FCCT9(\0  N 

b 

tig6 

Pl/I 

b 

0|^5 

T 

PLono 

b 

™ 1 

V/> 

0 

•’•-iT 

PAd'b'P  E^LDC^ 

b 

■h 

**  • 

Rid  b 

b 

•> 

sw  • 

. / 

5PM 

o 

1 

§ 

• Yk 

53A 

D 

' T 

■> 

<T> 

-t. 

b 

iji5 

f 

•*•75 

z^-%iSA‘,o>eji(>n 

b 

{j{^6 

5 

Oi 

**•7/ 

b 

A 

i- 

**•7^ 

VM-i)  oPaeATiM/-,  iv-STfcju 

b 

b|0 

"~r”^ 

0 

*w.73 

b 

*w . 7// 

ugjiu^ 

b 

^(«-5 

I 

Total 


$ 34fc.  k)l,3Cb> 


ftetifit  CVKH.II,UVU 


• NOTl; 




i*  *>•••«* 


aiWpraarama. 
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nsDARTMCNT  OP  ENEROV 

SOmVAKB  * IMVBMTOBV 

STEP  1 ] 

ADP  SYSTIM  aiSK  assessment 

9WF  1 fv  AnS  >V^vBf^lwnT 

AND  COST 

wo«KiMirr| 

Wl.Sf 



1 . Mw»*^W****W******** 

OfflsnlMtl***^**” 

9r\tni1  U«*J 

Oat«t 


'>v,U4^enL  PI  I/- 


B/lPaum{L±,  Bid 

^ SliLC 

\} 

*• 

V if 9*^ 

itlofata 

^ Master.' 

Oosii  a 

•aaltPttp 

.jDiaSK 

, m»laeo«aat  Coot  | 

(sJIIOCNo^ 

«P|H^ 

HawarSi 

Daaaf^ 

r 

(s)  1 

Patlnf  1 
(VK.VL>|  * 

tw.^ 

O'JSRHe'Ab 

b 

prcpr'  '2. 
sc^  ■1' 

y 1 

^are'l 

\/ievJ6?eAJ4t 

1? 

Vo  f^epio  ( 

:e/^for| 

5 r 1 

sw  • 

SW  o 

•w  • 

sw . 

sw  • 

sw  - 

sw . 

sw  • 

sw . 

sw . 

sw  • 

sw  • 

sw . 



Total  WoplaaaiwaK  Coal  $ k)l,3o.  m 


Mattof  (VKN.ll.UVg 


• NOT!; 


Inctutlaa  altygaa  ol 
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CS-1* 


DEPARTI^ENT  OF  ENERGY 
ADP  SYSTEM  RISK  ASSESSMENT 


DATA*  INVENTORY 
AND  COST 


STEP  1 

WOPKSMiET 
W1.4 


1.  ty«t«m  Namt/ldMtfllMliM: 
Organizatlon/Ut«r: 

Primary  Uaa: 

Leeatien(a):  __ 

Data:  


La^,  .Dob 


- 


ByLtruiJ 


t 


Bidj 


A!s  K c,ff<r  H,  ^ , 


2. 

Oala  fmraRlory 

m 

Approx. 
Hra.  la 
Doiraiop 

m 

Ooao  a 

Baelc^up 

Eziaf? 

f^lacamant  Coal 

(a)flaf. 

Ko. 

(b)  Ooa^lptfofl/ttfanfWlealioR 

OI 

S Ibnount  ® 

» Bating 
(VK-VU 

0.  1 

bArA 

UtA) 

VM 

0 • 

1 

FlsJAMdlAU  bATA 

U6 

(A 

0 • 

3 

6V6TeM  ibATA 

‘^iO 

At 

0 • 

A 

JT  M \|  a (vlTO  RV  bATA 

Ji3 

p 

0 • 

J 

T(^ACKl^Jb  bATA 

JiiO 

w 

0 • 

PLA^l^i^^l6  CATA 

w 

0 • 

7 

PPACU^GM.€fOT  bATA 

^ i-J 

M 

0 • 

a 

PeCxJ  BCTt> 

H 

0 • 

0 • 

0 • 

0 • 

0 • 

0 • 

0 • 

Total  Ropteeamom  Oaa& 


jd_ 


R^ftf  (VKKM^UVL) 


* NOTt:  Data  rofara  la  tela  aata  uaa^  aa  Inpiii  far  pracaaalAf  or  that  roauti 


traai  praoaaalaf. 




DEPARTMENT  OF  ENERGY 
ADP  SYSTEM  RISK  ASSESSMENT 


SYSTEM 

STEP  2 

CHARACTERISTICS 

WORKSHEET 

AND  IMPORTANCE 

W2.1 

fg) 


, (VL*  VIQ 


(c) Frequency of Use (VL - VH)

(d) Impact if Unavailable (VL - VH)


Nam«/ID: 

\lAi~ 


ot 


)j  iz  [/h  - 


H 


System-2 Name/ID:

0 gPJCg 

Auroi#  TiPA) 


System-3 Name/ID:

System-4 Name/ID:

System-5 Name/ID:


r = v'u 


yj  - o6t.7^ 


H 


“T 


NOTE: A system consists of the computer, peripherals, printer, environmental and other support items.
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department  of  energy 

ADP  SYSTEM  RISK  ASSESSMENT 


SOFTWARE  * 
CHARACTERISTICS 
AND  IMPORTANCE 


1.  .sytUfii 

• OrganizaiionyUa^r:  . 

• Leeatien(a): 

• Data:  2/3.7/ 


n /c/ 1 u ■ //  e.  ,0 . ^.  ” 


STEP  2 


worksheet 

W2.2 




NOTE:  U90  fhrttcm  mtmbtrw  from  Werk»h0t  W1^  kt  Mvqkt  pft  anMaa. 


2. Ref. No.

a) Software Sensitivity or Classification:
   1) Unclassified?
   2) Sensitive Unclassified? (Type)
   3) Classified? (Note Level and Mode of Operation)

b) Frequency of Use

c) Impact if Unavailable

sw  • 1 

/ 

y) 

SW.  ^ 

y 

sw  . 3 

y 

L 

L 

sw  . ^ 

y 

iw  . ^ 

V 

^ ^ 

sw  . ^ 

v/ 

VL 

\IL 

sw  . 7 

0>  ■ 

VL 

sw.  3 

y 

sw  . / 

siMC  V 

AdT  isjro 

sw  . |/) 

DOS  t'eAuRi  TV 

J OK. 

Re.i^ 

sw.  II 

y 

L 

L 

»W.  12 

/ 

iM) 

(m) 

sw  . ,3 

V 

0) 

SW  . IQ, 

b)  PRIn/AsL^/ 

A (It  'iPO 

O'!) 

SW.  15 

b;  pRi  si/\^y 

AdT  'fOr  J 

7) 

(Sj 

3.  Approi. 

% • •• 

fr,  * 

» 

% 

* Software includes all types of software, applications, and programs.

** Total of columns 1, 2, and 3 = 100% (reflecting all software (applications, programs) used).
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Mi] 


department  op  energy 

AOP  SYSTEM  RISK  ASSESSMENT 


1.  •Systam  N«iM/M«ilHlMtlon 

• OrganUctionAJtar:  X«  

Loeatlon(a):  3 


SOFTWARE  • 
CHARACTERISTICS 
AND  IMPORJAHCE 


Data: 


'i333SliA=.~J2^L^im  '/Vfe 

’I— 

■ fe:s 


STIP  2 


WORKSHEET 
W2.S,  , 


* Software includes all types of software, applications, and programs.

** Total of columns 1, 2, and 3 = 100% (reflecting all software (applications, programs) used).


NOTE:  Un  r0^r»n^  mmfy»r9  from  WlS  Io  mvoid  f0U»t}^ 

2. Ref. No.

a) Software Sensitivity or Classification:
   1) Unclassified?
   2) Sensitive Unclassified? (Type)
   3) Classified? (Note Level and Mode of Operation)

b) Frequency of Use

c) Impact if Unavailable

fi)  ... 

(H 

sw  • 1 7 

/ 1 1 1 M 1—0 

L 

sw . is> 

(R)  . . . 

tw . 1 ■:? 

y 

1^1 

f) 

(N 

•w . _o 

y 

•fl) 

sw  . S'  1 

v 

VL 

Vu  • 

9W  • ^ ^ 

/ 

(1^ 

L 

SW . 

V 

sw  . ; -I 

, sw  . J 

y 

§ 

sw  • - 

y 

(1^) 

sw  . • V 

v/ 

K/^ 

sw  . (i 

■ 1 

9 

sw.  '/q 

y 

. 

VL 

L 

»»•  Jo 

V 

(Ml 

(1^ 

J. 

% 

t 

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tA 


department  of  energy 

AOP  SYSTEM  RISK  ASSESSMENT 


SOFTWARE  • 

CHARACTERISTICS 
AND  IMPpRTANpE 


• OrganliationAltcr: 

• Loe«iien(a): 


STIP  2 


WORKSHEET 

W2.2 


>0.?. 


woTg;  1/^  f0^rm99f  mmAcff  Ahprni.  IforlniRMT  1V%4T  p 


2. Ref. No.

a) Software Sensitivity or Classification:
   1) Unclassified?
   2) Sensitive Unclassified? (Type)
   3) Classified? (Note Level and Mode of Operation)

b) Frequency of Use

c) Impact if Unavailable

/ 

(m) 

“T^ 

8W  . 

y 

ViL 

\iL 

8W  • ^3 

k/ 

L 

vf 

*’*•3/' 

y 

U 

VL 

8W  . 

1/ 

VL 

VL 

"»-3(p 

y 

L 

U 

$w . 37  ■ 

fc>i/^u  73  - 

yooi.^ 

(S) 

(m) 

sw . 7/7 

■ J 1 

Pf^sa.v>fe..->r  coo< 
■0  tT  i£. 

: C / 

CP 

sw  . 

sw  . 

sw  • 

sw  • 

sw  > 

sw  • 

sw  • 7 

3.  Apprai. 

% • •• 

0 G>  % 

ao  * 

* Software includes all types of software, applications, and programs.



pregfma)  uMd). 
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‘A,LK 

'3.:- 


department  op  energy 
adp  system  risk  assessment 


DATA* 

CHARACTERISTICS 
AND  IMPORTANCE 


•SycUffl 

•Orfl«nix«lien/UMr:  - jUryi. 


STEP  2 


WORKSHEET 

W2.3 


•Org«nix«llen/UMr 
•Lee«tlon(«): 

•Oat*: 


^yiin 


NOTE:  U90  rtf^foc*  numbf*  frdm  li^lraRaM  WiM  Nr 


* Data refers to specific data used as input for processing or that result from processing.

** Total of columns 1, 2, and 3 = 100% of all data used.


2. Ref. No.

(a) Data Sensitivity or Classification:
   1) Unclassified?
   2) Sensitive Unclassified? (Note Type)
   3) Classified? (Note Level)

b) Frequency of Use

c) Impact if Unavailable

“•I 

'o)pi?>\i^V  ACT 

1 KJPO 

0-2 

/■ 

<S) 

0 • ^ 

0*4 

\/ 

(k) 

(m> 

0 . ^ 

r 

Cm) 

0 • 'd 

/ 

CH> 

0.7 

•r'j  i £ i 0^ 

Mi65^0rJ  keu 

<S) 

-T ) b O€.  'lAs.'l. 

DP-  ^£L. 

L 

0 • 

0 • 

0 • 

0 • 

0 • 

- 

0 • 

0 • 

• 

3.  Apprai. 
% 

1^ 

lo 

52_* 



DEPARTMENT  OF  ENERGY 
ADP  SYSTEM  RISK  ASSESSMENT 


System Name/Identification:

REVIEW OF BASELINE SECURITY REQUIREMENTS FOR: PHYSICAL SECURITY

STEP 3

WORKSHEET W3.1a

SENSITIVE UNCLASSIFIED

r

Y

STORE INFORMATION/DATA IN UNLOCKED FILES, DESKS WITHIN CONTROLLED/GUARDED AREA. (B)
STORE INFORMATION/DATA IN LOCKED REPOSITORY IN UNCONTROLLED/GUARDED AREA. (B)




BOTH 


i 


Y 


X 


Y 


Y 


Y 


X 


X 


X 


X 


X 


Y 


Y 


Y 


Y 


Y 


Y 


• DEFINE PHYSICAL SECURITY REQUIREMENTS FOR ADP OPERATIONS AT ONSET OF PROGRAM. (D)

• UTILIZE A PERSONNEL IDENTIFICATION SYSTEM FOR FACILITY WITH 30+ INDIVIDUALS. (q, r, u)

• RECOVER BADGES OF TERMINATING EMPLOYEES AND DEPARTING VISITORS. (u)

• REPLACE BADGES AND PASSES AS APPROPRIATE. (u)

• RETAIN RECORD OF LOST BADGES, PASSES, CREDENTIALS, AND SHIELDS. (u)

• DESIGN ELECTRONIC ALARMS TO MEET SITE-SPECIFIC PROTECTION NEEDS AND REQUIREMENTS IN DOE 5632.5. (q)

• USE A RECEPTIONIST OR EMPLOYEE WITH ASSIGNED RESPONSIBILITY TO CONTROL ACCESS DURING WORKING HOURS. (r)

• MAINTAIN A VISITORS LOG. (r)

• POST TRESPASSING SIGNS AROUND PERIMETER AND ENTRANCES. (r)

• INSPECT AND SEARCH VEHICLES AND HAND CARRIED ITEMS RANDOMLY. (r)

• POST CONTRABAND/PROHIBITED ITEMS SIGN AT ALL ENTRANCES. (r)

• IMPEDE ACCESS WITH BARRIERS (I.E., WALLS, FENCES, ETC.). (r)

• LOCK AREA, BUILDING, ADP CENTER, ETC. WHEN UNOCCUPIED. (r)

• UTILIZE LOCKS THAT ARE GSA/GOVERNMENT APPROVED. (r)

• CONTROL AND ACCOUNT FOR ALL KEYS AND COMBINATIONS. (r)

• CHANGE LOCKS AND COMBINATIONS WHEN LOST/COMPROMISED. (r)

• PROVIDE INTRUSION DETECTION SYSTEM AS APPROPRIATE. (r)

• TEST AND MAINTAIN ALARM/SECURITY SYSTEMS AND COMPONENTS IN OPERABLE CONDITION. (r)

• ESTABLISH EMERGENCY PLANS. (r)

• DESIGN ELECTRONIC ALARMS TO MEET SITE-SPECIFIC PROTECTION NEEDS AND REQUIREMENTS WITH DOE ALARM REQUIREMENTS. (q)

KEY:
YES = Y
NO = N
NOT APPLICABLE = N/A
PARTIALLY = P

NOTE: A letter in parenthesis follows each title or individual entry. Each letter refers to a specific DOE order. To identify the specific document from which a requirement is taken, refer to the Master List, Resource Table R3.
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department  OF  ENERGY 

ADP  SYSTEM  RISK  ASSESSMENT 

REVIEW OF BASELINE SECURITY REQUIREMENTS FOR: PHYSICAL SECURITY

STEP 3

WORKSHEET W3.1b

System Name/Identification:  /2yhLryvJoyi0i^

'S  oy)  Ccrn^j>iit€h-

DETECT AND DETER UNAUTHORIZED ACCESS TO ADP CENTERS. (q)

ESTABLISH SECURITY AREAS AS REQUIRED BY DOE BASED ON MISSION AND SIZE. (a)

SAFEGUARD STOCK OF UNUSED BADGES, PASSES, CREDENTIALS, AND SHIELDS. (u)

IDENTIFY SECURITY IMPORTANCE RATINGS OF SECURE FACILITIES. (m)

CONTROL AND LIMIT ACCESS TO PERSONNEL WHO ARE CLEARED FOR ACCESS TO THE HIGHEST CLASSIFICATION LEVEL OF INFORMATION. (p, q)

ESTABLISH A TSCM PROGRAM FOR FACILITIES THAT HOUSE CLASSIFIED ADP SYSTEMS. (o)

NOTIFY RESPONSIBLE ORGANIZATION OF PHYSICAL SECURITY DEFICIENCIES. (m)

CONDUCT INITIAL AND PERIODIC SECURITY SURVEYS TO ENSURE DOE SECURITY POLICIES AND PROCEDURES ARE IMPLEMENTED. (m)




KEY:
YES = Y
NO = N
NOT APPLICABLE = N/A
PARTIALLY = P

NOTE: A letter in parenthesis follows each title or individual entry. Each letter refers to a specific DOE order. To identify the specific document from which a requirement is taken, refer to the Master List, Resource Table R3.
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department  of  energy 

ADP  SYSTEM  RISK  ASSESSMENT 

REVIEW OF BASELINE SECURITY REQUIREMENTS FOR: PERSONNEL SECURITY

STEP 3

WORKSHEET W3.2

System Name/Identification:

SENSITIVE UNCLASSIFIED

Y 


Y 


Y 


LIMIT PERSONNEL ACCESS TO SENSITIVE UNCLASSIFIED MATERIALS VIA DISSEMINATION AND ACCESS CONTROLS. (B, E, F, H)

SCREEN ALL PERSONNEL INVOLVED WITH SENSITIVE DATA. (E)

REQUIRE PROOF OF IDENTITY TO RECEIPT FOR INFORMATION. (H)


CLASSIFIED


CONTROL AND LIMIT ACCESS TO CLASSIFIED INFORMATION TO AUTHORIZED PERSONNEL ONLY. (n, p)

LIMIT PERSONNEL ACCESS TO WEAPONS DATA MATERIALS VIA DISSEMINATION AND ACCESS CONTROLS. (v)

CONTROL ACCESS TO FOREIGN INTELLIGENCE INFORMATION. (x)

ENSURE PERSONNEL ARE COGNIZANT OF THEIR RESPONSIBILITIES TO SAFEGUARD AND CONTROL CLASSIFIED DOCUMENTS. (n)

OBTAIN NECESSARY VISITOR ACCESS AUTHORIZATIONS PRIOR TO PERMITTING ACCESS TO FACILITIES CONTAINING NAVAL NUCLEAR PROPULSION INFORMATION (NNPI). (h)

ENSURE THAT ALL INDIVIDUALS REQUIRING ACCESS TO CLASSIFIED MATERIAL ARE APPROPRIATELY CLEARED. (g)

- fJo  c^UsS>^f,'e^  cU-hcL.  oh 




KEY:
YES = Y
NO = N
NOT APPLICABLE = N/A
PARTIALLY = P

NOTE: A letter in parenthesis follows each title or individual entry. Each letter refers to a specific DOE order. To identify the specific document from which a requirement is taken, refer to the Master List, Resource Table R3.
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CS-28 


DEPARTMENT  OF  ENERGY 

ADP SYSTEM RISK ASSESSMENT

REVIEW OF BASELINE SECURITY REQUIREMENTS FOR: INFORMATION SECURITY

STEP 3

WORKSHEET W3.3

System Name/Identification:

SENSITIVE UNCLASSIFIED



r 


Y 


r 


r 


r 


Y 


V 


Y 


Y 


Y 


Y 


MAINTAIN CURRENT INVENTORY OF STORED INFORMATION. (A)

USE COVER SHEETS AND SPECIAL MARKINGS FOR UCNI. (B)

STORE UCNI MATERIALS IN LOCKED REPOSITORY. (B)

STORE UCNI MATERIALS IN UNLOCKED FILES AND DESKS IF WITHIN CONTROLLED/GUARDED AREA. (B)

SHRED OR BURN MEDIA TO BE DESTROYED. (B)

PROTECT COMPUTER SECURITY PROGRAM INFORMATION. (B, E)

REVIEW VITAL RECORDS ANNUALLY. (A)

APPROPRIATELY MARK ON THE COVER AND TITLE PAGE OF ALL SOFTWARE DOCUMENTATION FOR SCIENTIFIC AND TECHNICAL COMPUTER SOFTWARE WHICH MAY BE DISSEMINATED TO OTHERS. (J)

UTILIZE OPSEC TECHNIQUES OR MEASURES TO PROTECT CLASSIFIED OR SENSITIVE/UNCLASSIFIED INFORMATION. (K)

PREPARE AN OPSEC THREAT STATEMENT AND DEVELOP A CRITICAL AND SENSITIVE INFORMATION LIST AND SUPPORTING ESSENTIAL ELEMENTS OF FRIENDLY INFORMATION. (K)

DEVELOP PROCEDURES FOR PROPERLY REPORTING, HANDLING, SAFEGUARDING, AND DISPOSING OF DOE SCIENTIFIC AND TECHNICAL INFORMATION. (I)

PROHIBIT DUPLICATION OF SOFTWARE, DATA FOR PERSONAL USE OR ON HOME COMPUTERS. (L)




BOTH 


Y 


Y 


Y 


k 


• IDENTIFY ALL SENSITIVE DATA, INFORMATION, MATERIALS. (A, C, E, F)

• DEFINE INFORMATION SECURITY NEEDS AT ONSET OF ALL PROGRAMS. (D)

• REVIEW PROGRAMS AND DATA FOR COMPLIANCE WITH REQUIREMENTS FOR HANDLING AND CONTROL OF SENSITIVE DATA. (A, C, E, H)

• MARK SENSITIVE UNCLASSIFIED AND CLASSIFIED MATERIAL AND EQUIPMENT WITH NECESSARY MARKINGS EITHER BY STAMPING, TAGS, LABELS, OR OTHER SUITABLE MEANS. (q)


. STORE  SENSmvE4rfH  CLASWHED  MATTER  IN  SECURITY  CONTAINERS,  (q) 


CLASSIFIED 


MAINTAIN ACCOUNTABILITY SYSTEM, AS APPROPRIATE, TO ACCOUNT FOR AND DETERMINE WHEN CLASSIFIED MATTER IS LOST OR UNACCOUNTED FOR. (a)

MARK CLASSIFIED MATERIAL, MEDIA, AND OTHER EQUIPMENT WITH CLASSIFICATION AND OTHER NECESSARY MARKINGS, EITHER BY STAMPING, TAGS, LABELS, OR OTHER SUITABLE MEANS. (q)

STORE CLASSIFIED MATTER IN APPROVED SECURITY CONTAINERS. (q)

CONDUCT ANNUAL REVIEW OF TOP SECRET DOCUMENTS. (n)

AFFIX SPECIAL HANDLING MARKINGS TO NNPI AS APPROPRIATE. (h)

iJifk  - Aid  ^ stfctem- 


KEY:
YES = Y
NO = N
NOT APPLICABLE = N/A
PARTIALLY = P

NOTE: A letter in parenthesis follows each title or individual entry. Each letter refers to a specific DOE order. To identify the specific document from which a requirement is taken, refer to the Master List, Resource Table R3.
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CS-29 


department  of  energy 

ADP  SYSTEM  RISK  ASSESSMENT 


REVIEW OF BASELINE SECURITY REQUIREMENTS FOR: COMMUNICATIONS SECURITY (COMSEC)

STEP 3

WORKSHEET W3.4

System Name/Identification:  ot/ia  POi^




r 


y 


Y 


AS  APPROPRIATE: 


• USE  OF  PRIVACY  DEVICES  TO  PROTECT  UNCLASSIFIED  INFORMATION,  (c) 


• USE  OF  DES  TO  PROTECT  UNCLASSIFIED.  SENSITIVE  INFORMATION,  (c) 


BOTH 


Y 


r 


Y 


PROCURE/USE CRYPTO GEAR FOR UNCLASSIFIED SENSITIVE DISCUSSIONS/TRANSMISSIONS, IF DEEMED NECESSARY. (c)

DESIGN AND INSTALL PDS, AS APPROPRIATE. (d)

SECURE CLASSIFIED AND UNCLASSIFIED SENSITIVE SYSTEMS TO PREVENT COMPROMISE OR EXPLOITATION. (c)


CLASSIFIED 


CONDUCT SECURITY SURVEYS OF SECURE COMMUNICATIONS CENTERS. (m)

PROCURE/USE NSA APPROVED CRYPTOGRAPHIC DEVICES. (p)

ENSURE CLASSIFIED INFORMATION IS NOT DISCUSSED OR TRANSMITTED OVER UNENCRYPTED OR NONSECURE TELEPHONE SYSTEMS. (n)

PROCURE/USE CRYPTO GEAR FOR CLASSIFIED DISCUSSIONS/TRANSMISSIONS. (c)

i^(A  ' /s 

Ce^y^^u  feY"  S' 


KEY:
YES = Y
NO = N
NOT APPLICABLE = N/A
PARTIALLY = P

(1) NOTE: Additional PDS Guidance is provided in the DOE PDS Procedural Guide (u) (Confidential).

(2) NOTE: Additional COMSEC guidance regarding the role and responsibilities of the CRYPTO custodian are provided in the DOE COMSEC Procedural Guide, (l) (Confidential).

(3) NOTE: A letter in parenthesis follows each title or individual entry. Each letter refers to a specific DOE order. To identify the specific document from which a requirement is taken, refer to the Master List, Resource Table R3.
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CS-30 


DEPARTMENT  OF  ENERGY 

ADP  SYSTEM  RISK  ASSESSMENT 

REVIEW OF BASELINE SECURITY REQUIREMENTS FOR: EMISSIONS SECURITY (TEMPEST)

STEP 3

WORKSHEET W3.5

System Name/Identification:  0/y\oyu^Du^

BOTH SENSITIVE UNCLASSIFIED/CLASSIFIED

MA 


^/4 


AS APPROPRIATE:

• APPOINT TEMPEST COORDINATOR. (b)

• PERFORM TEMPEST SURVEYS. (b)

• ZONE TEST EVERY 3 YEARS. (b)

• MAINTAIN TEMPEST FILE FOR EACH FACILITY. (b)

• COMPLY WITH EMISSIONS SECURITY REQUIREMENTS. (b)




KEY:

YES = Y
NO = N
NOT APPLICABLE = N/A
PARTIALLY = P

(1) NOTE: Additional TEMPEST guidance is provided in the DOE TEMPEST Procedural Guide (u) (Confidential). As of May 1989, this guide was undergoing a major update/revision.

(2) NOTE: A letter in parenthesis follows each title or individual entry. Each letter refers to a specific DOE order. To identify the specific document from which a requirement is taken, refer to the Master List, Resource Table R3.
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DEPARTMENT  OF  ENERGY 

ADP  SYSTEM  RISK  ASSESSMENT 

REVIEW  OF 
BASELINE  SECURITY 
REQUIREMENTS FOR:
COMPUTER SECURITY*

STEP  3 

WORKSHEET 

W3.6a 

System Name/Identification: [handwritten entry illegible]

SENSITIVE  UNCLASSIFIED 

Jl 


Y 


Y 


y 


y 


Y 


Y 


y 


Y 


Y 


Y 


Y 


V 


Y 


Y 


Y 


y 


y 


DEFINE OPERATING AND APPLICATION SOFTWARE SECURITY NEEDS AT ONSET OF PROGRAM. (D, E, H)

MAINTAIN ACCESS LOG(S) TO DETECT UNAUTHORIZED ACCESS ATTEMPTS. (E)

RANDOMLY REVIEW FILE CONTENTS. (E)

ESTABLISH CONFIGURATION MANAGEMENT CONTROLS TO TRACK HARDWARE AND SOFTWARE SECURITY UPGRADES BASED ON RESULTS OF RISK ASSESSMENT. (E)

DETERMINE IMPORTANCE OF APPLICATION TO MISSION. (E)

DEVELOP COMPUTER PROTECTION PLAN. (E)

ESTABLISH AND IMPLEMENT COMPUTER SECURITY CONTROL PROCEDURES TO PROTECT HARDWARE, SOFTWARE, AND DATA AGAINST THEFT, LOSS, UNAUTHORIZED MANIPULATION, FRAUDULENT ACTIVITIES AND NATURAL DISASTERS. (K)

ADVISE APPROPRIATE AUTHORITIES OF ANY SENSITIVE/UNCLASSIFIED COMPUTER SECURITY VULNERABILITY DETECTED IN THE COURSE OF AN OPSEC VULNERABILITY ASSESSMENT. (K)

ESTABLISH AND IMPLEMENT COMPUTER OPERATION CONTROL PROCEDURES TO ENSURE ACCURACY AND COMPLETENESS OF THE INFORMATION MAINTAINED AND PROCESSED. (K)

ESTABLISH, DOCUMENT, AND ENFORCE PROCEDURES FOR TESTING AND IMPLEMENTING SOFTWARE CHANGES. (K)

ESTABLISH AND IMPLEMENT HARDWARE CONTROLS FOR ALL HARDWARE PROCUREMENT ACTIONS. (K)

ESTABLISH AND ENFORCE CONTROL PROCEDURES FOR DISTRIBUTED PROCESSING AND NETWORK OPERATIONS. (K)

REQUIRE THAT SYSTEM DESIGN, DEVELOPMENT, AND MODIFICATION CONTROL PROCEDURES PROVIDE ADEQUATE SEPARATION OF DUTIES AND ASSURE USER, MANAGEMENT, AND INTERNAL AUDITOR PARTICIPATION. (K)

ESTABLISH CONTROL MECHANISMS TO ENSURE THAT DATA REACHES THE COMPUTER APPLICATION WITHOUT LOSS, UNAUTHORIZED ADDITION OR MODIFICATION, OR OTHER ERROR. (K)

ESTABLISH AND ENFORCE PROCEDURES FOR CONVERTING AND ENTERING DATA THROUGH TERMINALS AND DETAIL THE PROCESS FOR IDENTIFYING, CORRECTING, AND REPROCESSING DATA REJECTED BY THE APPLICATION. (K)

DEVELOP, DOCUMENT AND IMPLEMENT CONTROL PROCEDURES FOR PROCESSING DATA AND SCHEDULING DATA PROCESSING. (K)

DEVELOP, DOCUMENT, AND IMPLEMENT OUTPUT CONTROL PROCEDURES. (K)

DEVELOP AND IMPLEMENT EFFECTIVE CONTROLS FOR THE ACQUISITION, OPERATION AND SECURITY OF MICROCOMPUTERS. (K)

REQUIRE WRITTEN AUTHORIZATION TO USE COMPUTER EQUIPMENT FOR OFF-SITE WORK. (L)




KEY:

YES = Y
NO = N
NOT APPLICABLE = N/A
PARTIALLY = P

* Covers Hardware, Software, and Computer Security Related Procedures.

NOTE: A letter in parenthesis follows each title or individual entry. Each letter refers to a specific DOE order. To identify the specific document from which a requirement is taken, refer to the Master List, Resource Table R3.
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DEPARTMENT  OF  ENERGY 

ADP SYSTEM RISK ASSESSMENT

REVIEW OF
BASELINE SECURITY
REQUIREMENTS FOR:
COMPUTER SECURITY*

STEP 3

WORKSHEET

W3.6b

System Name/Identification: [handwritten entry illegible]

BOTH

r 


r 

• 

T 

• 

Y 

• 

r 

• 

Y 

• 

PROVIDE CONFIGURATION MANAGEMENT CONTROLS. (C, E)

REVIEW/APPROVE AND CERTIFY DESIGN OF NEW OR CHANGED HARDWARE/SOFTWARE. (C, D, E, H)

DEFINE, EVALUATE, AND REEVALUATE SECURITY REQUIREMENTS THROUGHOUT SYSTEM LIFE-CYCLE. (C, D, E, H)

AUDIT SYSTEM. (C, E, p)

DEVELOP AND TEST CONTINGENCY PLAN, INCLUDING BACK-UP AND RECOVERY FEATURES. (A, C, p)

TEST HARDWARE AND SOFTWARE PROTECTIVE FEATURES. (E, p)




CLASSIFIED 


PREPARE ADP SECURITY PLAN. (p)

DEVELOP, IMPLEMENT, MAINTAIN, AND DOCUMENT ALL ADP SECURITY MEASURES. (p)

CLEAR AND SANITIZE ADP RESOURCES FOR CLASSIFIED PROCESSING. (p)

DEVELOP A CONTINGENCY PLAN TO ENSURE AVAILABILITY OF CRITICAL ADP SYSTEMS. (p)

IDENTIFY THE CLASSIFICATION LEVEL OF ALL MAGNETIC MEDIA. (n)

PERFORM A RISK ASSESSMENT AT LEAST EVERY 3 YEARS. (p)

IDENTIFY ADP SECURITY TRAINING REQUIREMENTS AND DESIGNATE WHO WILL RECEIVE THE TRAINING. (p)

ASSIGN RESPONSIBILITY FOR CLASSIFIED ADP SYSTEMS. (p)

DEVELOP COMPUTER SECURITY MANUALS AND GUIDELINES FOR CLASSIFIED ADP SYSTEMS. (p)

REPORT ANY COMPUTER SECURITY INCIDENT. (p)

CONDUCT SECURITY SURVEYS OF ADP CENTERS. (m)

UTILIZE AUTHORIZED TECHNIQUES AND PROCEDURES FOR THE DESIGN, TESTING, AND EVALUATION OF CLASSIFIED ADP SYSTEMS. (p)

UTILIZE ONLY ACCREDITED OR APPROVED CLASSIFIED ADP SYSTEMS. (p)

MAINTAIN BACK-UP OF CRITICAL SOFTWARE AND DATA. (p)

PROVIDE CONFIGURATION MANAGEMENT CONTROLS FOR SOFTWARE, HARDWARE, AND SECURITY MECHANISMS. (p)

ASSIGN USERS A UNIQUE USER ID/PASSWORD. (p)

CHANGE USER PASSWORDS. (p)

ESTABLISH/UTILIZE AUDIT TRAILS. (p)

STORE AND LABEL CLASSIFIED MEDIA PROPERLY. (p)


KEY:

YES = Y
NO = N
NOT APPLICABLE = N/A
PARTIALLY = P


* Covers  Hardware,  Software,  and  Computer  Security  Related  Procedures. 

NOTE: A letter in parenthesis follows each title or individual entry. Each letter refers to a specific DOE order.

To  identify  the  specific  document  from  which  a requirement  is  taken,  refer  to  the  Master  List,  Resource  Table 
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DEPARTMENT  OF  ENERGY 

ADP  SYSTEM  RISK  ASSESSMENT 

REVIEW OF BASELINE

SECURITY  REQUIREMENTS 
FOR:  PROCEDURES, 
ADMINISTRATION,  AND 
SECURITY  MANAGEMENT 

STEP  3 

WORKSHEET 

W3.7 

System Name/Identification: [handwritten entry illegible]

SENSITIVE UNCLASSIFIED

X 


r 


Y 


Y 


r 


Y 


Y 


r 


• ESTABLISH AND CONDUCT TRAINING AND AWARENESS FOR USE OF SENSITIVE DATA. (A, B, E, H)

• ESTABLISH SECURITY INCIDENT/VIOLATION REPORTING SYSTEM. (E)

• ESTABLISH AND IMPLEMENT PROCEDURES FOR PROVIDING DEVELOPED AND/OR MODIFIED SCIENTIFIC AND TECHNICAL COMPUTER SOFTWARE TO THE CENTRALIZED SCIENTIFIC AND TECHNICAL COMPUTER SOFTWARE ACTIVITY. (J)

• ADVISE CENTRALIZED SCIENTIFIC AND TECHNICAL COMPUTER SOFTWARE ACTIVITY OF DIRECT EXCHANGE OF SCIENTIFIC AND TECHNICAL COMPUTER SOFTWARE WITH OTHER PROGRAMS OR SPECIFIC INFORMATION ANALYSIS CENTERS. (J)

• COORDINATE WITH CENTRALIZED SCIENTIFIC AND TECHNICAL COMPUTER SOFTWARE FACILITY PRIOR TO DEVELOPING NEW SCIENTIFIC AND TECHNICAL COMPUTER SOFTWARE. (J)

• IDENTIFY ALL SCIENTIFIC AND TECHNICAL COMPUTER SOFTWARE SENT TO THE CENTRALIZED FACILITY THAT HAS GENERAL UTILITY. (J)

• ENSURE THAT THE APPROPRIATE INSTRUCTIONS FOR CONTROLLING DISSEMINATION OF SCIENTIFIC AND TECHNICAL COMPUTER SOFTWARE ARE INCLUDED IN ALL SCIENTIFIC AND TECHNICAL SOFTWARE PACKAGES PROVIDED TO THE CENTRALIZED FACILITY. (J)

• ENSURE THAT PUBLIC DISSEMINATION OF COMPUTER SOFTWARE WHICH IS TRANSMITTED TO THE CENTRAL FACILITY WILL NEITHER VIOLATE THE U.S. EXPORT ADMINISTRATION REGULATIONS, THE INTERNATIONAL TRAFFIC IN ARMS REGULATIONS, THE NUCLEAR NONPROLIFERATION ACT, NOR CONSTITUTE THE RELEASE OF SENSITIVE INFORMATION THAT WOULD OTHERWISE COMPROMISE NATIONAL SECURITY. (J)

• ESTABLISH AND MAINTAIN A SYSTEM OF MANAGEMENT CONTROLS FOR ALL PROGRAMS AND ADMINISTRATIVE FUNCTIONS RELATED TO ADP EQUIPMENT ACQUISITION, COMPUTER FACILITY MANAGEMENT, EQUIPMENT UTILIZATION, SOFTWARE DEVELOPMENT, AND AUTOMATED MANAGEMENT INFORMATION SYSTEMS DEVELOPMENT, AS DIRECTED BY THE GAO AND DOE. (K)

• DEVELOP MANAGEMENT CONTROL PLANS TO DESCRIBE THE SCHEDULE FOR ASSESSING VULNERABILITIES, IDENTIFYING AND IMPLEMENTING NEEDED IMPROVEMENTS, AND TESTING INTERNAL CONTROLS. (K)

• EVALUATE THE EFFECTIVENESS OF INTERNAL CONTROLS ON A CONTINUING BASIS. (K)


Y 

• ESTABLISH INTERNAL CONTROL PROGRAMS TO DETECT WASTE, LOSS, MISMANAGEMENT, UNAUTHORIZED USE, OR MISAPPROPRIATION. (K)

r 

• CONDUCT REVIEWS OF FINANCIAL MANAGEMENT SYSTEMS AS REQUIRED. (K)

r 

• DEVELOP  A MANAGEMENT  CONTROL  PLAN  AS  APPROPRIATE.  (K) 

r 

• REPORT  RESULTS  OF  INTERNAL  CONTROL  SYSTEM  EVALUATIONS  AS  REQUIRED.  (K) 

Y 

• ESTABLISH AND IMPLEMENT AN INTERNAL CONTROL ACTIVITY TRACKING PROGRAM AS APPROPRIATE. (K)

BOTH 

r 

• ESTABLISH PROGRAM MANAGEMENT ORGANIZATION/POSITIONS FOR SENSITIVE/CLASSIFIED DATA AND PROGRAMS. (A, B, C, E)

CLASSIFIED

• ESTABLISH PROCEDURES FOR IDENTIFYING AND REPORTING VIOLATIONS OF LAW, LOSSES, AND INCIDENTS OF SECURITY INTEREST TO APPROPRIATE AUTHORITIES. (1)

• REPORT  ANY  SERIOUS  SECURITY  INCIDENTS  TO  THE  IG.  (m) 

KEY:

YES = Y
NO = N
NOT APPLICABLE = N/A
PARTIALLY = P

(1) NOTE: A letter in parenthesis follows each title or individual entry. Each letter refers to a specific DOE order. To identify the specific document from which a requirement is taken, refer to the Master List, Resource Table R3.

(2) NOTE: Administrative Procedures for a specific security discipline (e.g., physical, computer, etc.) are listed under that discipline area.


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DEPARTMENT  OF  ENERGY 
ADP  SYSTEM  RISK  ASSESSMENT 


REVIEW  OF 

BASELINE  SECURITY 
REQUIREMENTS  FOR: 
ENVIRONMENTAL 
SECURITY/SAFETY 


STEP  3 


WORKSHEET 

W3.8a 




System Name/Identification: [handwritten entry illegible]

BOTH


r 


r 


r 


Y 


Y 


Y 


Y 


1 


Y 


Y 


- V. 

y 


1 


y 


Y 


a7 


fj 


• ESTABLISH/UTILIZE DESIGN REVIEW PROCESS FOR ALL NEW/MODIFIED BUILDINGS TO ASSURE FIRE DETECTION/PREVENTION ISSUES ARE ADDRESSED. (e)

• SEGREGATE AND RESTRICT THE QUANTITY OF HAZARDOUS MATERIAL STORAGE. (e)

• UTILIZE FLAME/SMOKE RESISTANT INTERIOR FINISH MATERIALS. (e)

• SELECT FIRE PROTECTION SYSTEM BASED ON VALUE OF FACILITY AND CONTENTS. (e)

• PROTECT STORAGE AREAS AND ROOMS AGAINST FIRES. (A, e)

• SELECT FIRE PREVENTION MEASURES (AMOUNT, TYPE, ETC.) BASED ON IMPORTANCE OF PROGRAM (HOW VITAL IT IS) AND THE TIME ALLOWED FOR SHUT DOWN OF THAT PROGRAM. (o)

• CONDUCT SELF-AUDITS AND INSPECTIONS USING FIRE PROTECTION EXPERTS. (e)

• DEVELOP, MAINTAIN, TEST FIRE EMERGENCY PLAN. (e, f)

• TRAIN PERSONNEL IN FIRE DETECTION/PREVENTION. (e)

• INSTALL FIREWALLS, FIRE DOORS, DRAFT BARRIERS TO CONTAIN FIRE. (e)

• IMPLEMENT SPECIAL FIRE CONTROL SYSTEM FOR HAZARDOUS MATERIALS. (e)

• INSTALL AUTOMATIC FIRE DETECTION/REPORTING CAPABILITY. (e)

• INSTALL AUTOMATIC SPRINKLER PROTECTION FOR ALL COMBUSTIBLE CONSTRUCTION AND COMPUTER ROOMS. (e, f)

• UTILIZE METAL FURNISHINGS IN COMPUTER AREA. (f)

• PROHIBIT SMOKING. (f)

• PROHIBIT BULK STORAGE OF RECORDS, SUPPLIES, COMBUSTIBLE MATERIALS. (f)

• UTILIZE NON-COMBUSTIBLE CABLE TRAYS AND FLAME RETARDANT INSULATION OR JACKETS FOR CABLES. (f)

• INSTALL SEPARATE FIRE ALARM SYSTEM FOR COMPUTER ROOM. (e, f)

• LIMIT AMOUNT OF COMPUTER EQUIPMENT IN 1 ROOM TO $1,000,000 VALUE AND HAVE 4 HOUR FIREWALLS WHEN VALUE DICTATES DIVISION OF AREA INTO SEPARATE ROOMS. (e)

• DISALLOW AIR DUCTS THAT SERVE OTHER AREAS OR REQUIRE THAT THEY BE FIRE RESISTANT DUCTS. (e, f)

• AVOID BUNDLING CABLES IN LARGE GROUPS. (e, f)

• REMOVE ALL ABANDONED CABLE FROM PREMISES. (e, f)

• MINIMIZE STORAGE OF UNUSED CABLES UNDER FLOOR SPACES OR IN TRAYS. (e, f)

• STORE ALL COMPUTER PAPER SUPPLIES IN METAL CONTAINERS. (e, f)

• PROMINENTLY LABEL MASTER CONTROL SWITCH FOR ALL EQUIPMENT AT EACH EXIT TO THE FACILITY. (e, f)


KEY:

YES = Y
NO = N
NOT APPLICABLE = N/A
PARTIALLY = P

NOTE: A letter in parenthesis follows each title or individual entry. Each letter refers to a specific DOE order. To identify the specific document from which a requirement is taken, refer to the Master List, Resource Table R3.
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department  OF  ENERGY 

ADP  SYSTEM  RISK  ASSESSMENT 

REVIEW  OF 
BASELINE  SECURITY 
REQUIREMENTS: 
ENVIRONMENTAL 
SECURITY/SAFETY 

STEP  3 

WORKSHEET 

W3.8b 

System Name/Identification:

BOTH  (Continued) 



r 


Y 


Y 


T 


INSTALL AUTOMATIC SPRINKLER AND DETECTION SYSTEMS IN STORAGE ROOMS/VAULTS. (e, f)

INSTALL RAISED FLOORING. (e, f)

SITUATE COMPUTER FACILITIES IN NON-TRADITIONAL MOBILE BUILDING STRUCTURES A MINIMUM OF 50 FEET FROM NEAREST ADJOINING STRUCTURE AND CONSTRUCT WITH NON-COMBUSTIBLE MATERIALS. (f)

ASSIGN RESPONSIBILITY FOR IDENTIFYING FIRE AND PLANNING FACILITY'S FIRE PREVENTION AND DETECTION NEEDS. (e)


CLASSIFIED 


PROHIBIT UNAUTHORIZED STORAGE OF SPECIAL NUCLEAR MATERIAL. (m)

KEY:

YES = Y
NO = N
NOT APPLICABLE = N/A
PARTIALLY = P

NOTE: A letter in parenthesis follows each title or individual entry. Each letter refers to a specific DOE order. To identify the specific document from which a requirement is taken, refer to the Master List, Resource Table R3.
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DEPARTMENT  OF  ENERGY 
ADP  SYSTEM  RISK  ASSESSMENT 


THREAT  AND 
VULNERABILITY 
REVIEW 


STEP  4 


WORKSHEET 

W4 


1. System Name/Identification: Anonymous DOE Computer Center

2. ASSET | (a) THREATS/VULNERABILITY(IES) | (b) PROBABILITY* | (c) PRIORITY FOR UPGRADE

a. Physical (Facility): | | |
b. Personnel: | DOE employees not yet cleared may have access to unclassified but sensitive data because supervisors not advised of clearance status | H | 1
c. Information/Data, and Emissions: | | |
d. Communications: | | |
e. Computer (Hardware & Software): | | |
f. Procedures/Administration/Management: | | |
g. Environmental Security and Safety: | Walls do not meet fire rating standards causing rapid spread of fire. | L | 3
 | Paper supplies not stored in metal container creating a fire hazard. | L | 2

* PROBABILITY KEY:

HIGH (H) = THREAT IS VERY LIKELY TO OCCUR (ONE OR MORE TIMES A YEAR).
MEDIUM (M) = THREAT IS LIKELY TO OCCUR (ONCE EVERY 5 YEARS).
LOW (L) = THREAT IS UNLIKELY TO OCCUR (ONCE EVERY 10 YEARS OR LESS FREQUENTLY).
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department  of  energy 
ADP SYSTEM RISK ASSESSMENT

THREATS TO AND
VULNERABILITIES OF
THE PHYSICAL
FACILITY

STEP 4

RESOURCE TABLE

R4.1a

IMPACT AREAS - PHYSICAL FACILITY: DAMAGE, DESTRUCTION, DISCLOSURE, DENIAL

[Check marks entered under the impact areas are not legible in this copy.]

NATURAL THREATS:
STORMS
EARTHQUAKES
FIRE
FLOOD
HURRICANE
TORNADO

INTENTIONAL HUMAN THREATS:
TERRORIST INCIDENT
BOMBING
RIOT/CIVIL DISORDER
SABOTAGE
ARSON
VANDALISM
THEFT
UNAUTHORIZED ACCESS
MISAPPROPRIATION
NEGLECT
STRIKES

UNINTENTIONAL HUMAN THREATS:
ACCIDENTS
OPERATIONAL/PROCEDURAL ERRORS
HARDWARE FAILURE/MALFUNCTION
NEGLECT

ENVIRONMENTAL THREATS:
HEATING/COOLING SYSTEM FAILURE
POWER FLUCTUATIONS/OUTAGE
TEMPERATURE/HUMIDITY FLUCTUATIONS
STRUCTURAL FAILURE
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4 


DEPARTMENT OF ENERGY

ADP SYSTEM RISK ASSESSMENT

THREATS TO AND
VULNERABILITIES OF
PERSONNEL

STEP 4

RESOURCE TABLE

R4.2a

IMPACT AREAS - PERSONNEL: DAMAGE, DESTRUCTION, DISCLOSURE, DENIAL

[Check marks entered under the impact areas are not legible in this copy.]

NATURAL THREATS:
STORMS
EARTHQUAKES
FIRE
FLOOD
HURRICANE
POLLUTION
TORNADO
LIGHTNING

INTENTIONAL HUMAN THREATS:
TERRORIST INCIDENT
BOMBING
RIOT/CIVIL DISORDER
STRIKES
KIDNAPPING
ASSAULT
MURDER

UNINTENTIONAL HUMAN THREATS:
ACCIDENTS
OPERATIONAL/PROCEDURAL ERRORS
EMOTIONAL MENTAL HEALTH PROBLEMS

ENVIRONMENTAL THREATS:
HEATING/COOLING SYSTEM FAILURE
POWER OUTAGE
STRUCTURAL FAILURE
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DEPARTMENT  OP  ENERGY 
ADP SYSTEM RISK ASSESSMENT

THREATS TO AND
VULNERABILITIES OF
INFORMATION, DATA,
AND (DATA) EMISSIONS

STEP 4

RESOURCE TABLE

R4.3a

IMPACT AREAS - INFORMATION AND DATA: DAMAGE, DESTRUCTION, DISCLOSURE, DENIAL

[Check marks entered under the impact areas are not legible in this copy.]

NATURAL THREATS:
STORMS
EARTHQUAKES
FIRE
FLOOD
HURRICANE
POLLUTION
TORNADO
LIGHTNING

INTENTIONAL HUMAN THREATS:
TERRORIST INCIDENT
BOMBING
RIOT/CIVIL DISORDER
SABOTAGE
ARSON
VANDALISM
THEFT
UNAUTHORIZED ACCESS
MISAPPROPRIATION
WIRETAPPING/EAVESDROPPING
VIRUS
TRAPDOOR
TROJAN HORSE
ERASURE
EMISSION INTERCEPTION
STRIKES

UNINTENTIONAL HUMAN THREATS:
ACCIDENTS
OPERATIONAL/PROCEDURAL ERRORS
HARDWARE FAILURE/MALFUNCTION
SOFTWARE ERRORS
ERASURE
NEGLIGENCE
EMOTIONAL MENTAL HEALTH PROBLEMS

ENVIRONMENTAL THREATS:
HEATING/COOLING SYSTEM FAILURE
POWER FLUCTUATIONS/OUTAGE
TEMPERATURE/HUMIDITY FLUCTUATIONS
STRUCTURAL FAILURE
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DEPARTMENT  OF  ENERGY 

ADP SYSTEM RISK ASSESSMENT

THREATS TO AND
VULNERABILITIES OF
COMMUNICATIONS

STEP 4

RESOURCE TABLE

R4.4a

IMPACT AREAS - COMMUNICATIONS: DAMAGE, DESTRUCTION, DISCLOSURE, DENIAL

[Check marks entered under the impact areas are not legible in this copy.]

NATURAL THREATS:
STORMS
EARTHQUAKES
FIRE
FLOOD
HURRICANE
TORNADO
LIGHTNING

INTENTIONAL HUMAN THREATS:
TERRORIST INCIDENT
BOMBING
RIOT/CIVIL DISORDER
SABOTAGE
ARSON
VANDALISM
THEFT
UNAUTHORIZED ACCESS
MISAPPROPRIATION
WIRETAPPING/EAVESDROPPING
NEGLECT
STRIKES

UNINTENTIONAL HUMAN THREATS:
ACCIDENTS
OPERATIONAL/PROCEDURAL ERRORS
HARDWARE FAILURE/MALFUNCTION
NEGLECT

ENVIRONMENTAL THREATS:
HEATING/COOLING SYSTEM FAILURE
POWER FLUCTUATIONS/OUTAGE
TEMPERATURE/HUMIDITY FLUCTUATIONS
STRUCTURAL FAILURE

NOTE: Communications includes all communication capabilities and equipment: lines, networks, COMSEC security devices, protected distribution systems, phones, modems, etc.
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DEPARTMENT  OF  ENERGY 

ADP SYSTEM RISK ASSESSMENT

THREATS TO AND
VULNERABILITIES OF
ADP SYSTEM
PROCEDURES,
ADMINISTRATION AND
MANAGEMENT

STEP 4

RESOURCE TABLE

R4.6a

IMPACT AREAS - ADP SYSTEM PROCEDURES, ADMINISTRATION AND MANAGEMENT: DAMAGE, DESTRUCTION, DISCLOSURE, DENIAL

[Marks entered under the impact areas are not legible in this copy.]

NATURAL THREATS:
STORMS
EARTHQUAKES
FIRE
FLOOD
HURRICANE
TORNADO

INTENTIONAL HUMAN THREATS:
TERRORIST INCIDENT
BOMBING
RIOT/CIVIL DISORDER
SABOTAGE
ARSON
VANDALISM
THEFT
UNAUTHORIZED ACCESS
NEGLECT

UNINTENTIONAL HUMAN THREATS:
ACCIDENTS
OPERATIONAL/PROCEDURAL ERRORS
NEGLECT
EMOTIONAL, MENTAL, HEALTH PROBLEMS

ENVIRONMENTAL THREATS:
POWER OUTAGE
TEMPERATURE/HUMIDITY FLUCTUATIONS
STRUCTURAL FAILURE
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CS-43 


DEPARTMENT  OF  ENERGY 

ADP  SYSTEM  RISK  ASSESSMENT 

COUNTERMEASURES 
IDENTIFICATION  AND 

RISK  PROFILE  ACCEPTANCE 

STEP  5 

WORKSHEET 

W5 

1. System Name/Identification: Anonymous DOE Computer Center

2. SECURITY DISCIPLINE AREA | (a) ACCEPT CURRENT RISK PROFILE (YES OR NO) | (b) COUNTERMEASURES TO BE IMPLEMENTED | (c) APPROX. COST | (d) PRIORITY | (e) TARGET DATE

a. Physical Security: | Yes | None beyond those in place | | |
b. Personnel Security: | No | Establish procedure to notify supervisors of individual's clearance status | 0 | 1 | 10/89
c. Information Security: | Yes | None beyond those in place | | |
d. Communications Security: | Yes | None beyond those in place | | |
e. Emissions Security (TEMPEST): | Yes | None beyond those in place | | |
f. Computer Security (Hardware & Software): | Yes | None beyond those in place | | |
g. Administrative/Procedural Security and Security Management: | Yes | None beyond those in place | | |
h. Environmental Security and Safety: | No | Move equipment to new computer room | $500 | 2 | 12/89
 | | Acquire metal containers for paper storage | $350 | 1 | 11/89
 | | Reduce bundle size of cables | $900 | 3 | 2/90
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STEP  1 

WORKSHEETS 
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4 



DEPARTMENT  OF  ENERGY 
ADP  SYSTEM  RISK  ASSESSMENT 


SYSTEM  COMPOSITION, 
CONNECTIONS,  AND 
CONFIGURATION 


STEP  1 


WORKSHEET 

W1.1 


1. System Name/Identification:

Organization/User:

Primary Use:

Location(s):

Date:

2. Connections:

Stand Alone System: □

Network System:
LAN: □
WAN: □

□ : Open
□ : Closed


3.  Configuration  Diagram: 
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♦ 



* NOTE: Hardware refers to the computer, peripherals, printer, and environmental and special support items.


DEPARTMENT  OF  ENERGY 

ADP  SYSTEM  RISK  ASSESSMENT 

HARDWARE*  INVENTORY 

AND  COST 

STEP  1 

WORKSHEET 

W1.2 

1. System Name/Identification:

Organization/User:

Primary Use:

Location(s):

Date:

2. (a) Ref. No. | (b) $ Amount or Rating (VH-VL)

H -
H -
H -
H -
H -
H -
H -
H -
H -
H -
H -
H -
H -
H -
H -
H -

3. Total Replacement Cost $ or Rating (VH, H, M, L, VL)
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♦ 



DEPARTMENT  OF  ENERGY 
ADP  SYSTEM  RISK  ASSESSMENT 


SOFTWARE* INVENTORY
AND  COST 


STEP  1 


WORKSHEET 

W1.3 


1. System Name/Identification:

Organization/User:

Primary Use:

Location(s):

Date:

2. Software Inventory: (a) Ref. No. | (b) Description/Identification | (c) Type Storage Media | (d) Does a Backup Exist? | (e) Approx. Time to Develop | Replacement Cost: $ Amount or Rating (VH-VL)

SW -
SW -
SW -
SW -
SW -
SW -
SW -
SW -
SW -
SW -
SW -
SW -
SW -
SW -
SW -

3. Total Replacement Cost $ or Rating (VH, H, M, L, VL)


NOTE:  Software  includes  all  types  of  software,  applications,  and  programs. 
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3 



* NOTE: Data refers to data sets used as input for processing or that result from processing.


DEPARTMENT  OF  ENERGY 

ADP  SYSTEM  RISK  ASSESSMENT 

DATA*  INVENTORY 
AND  COST 

STEP  1 

WORKSHEET 

W1.4 

1. System Name/Identification:

Organization/User:

Primary Use:

Location(s):

Date:

2. Data Inventory: Ref. No. | (b) Description/Identification | Does a Backup Exist? | Approx. Time to Develop | $ Amount or Rating (VH-VL)

D -
D -
D -
D -
D -
D -
D -
D -
D -
D -
D -
D -
D -
D -
D -

3. Total Replacement Cost $ or Rating (VH, H, M, L, VL)
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STEP  2 
WORKSHEETS 
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'1 



NOTE:  A system  consists  of  the  computer,  peripherals,  printer,  environmental  and  other  support  items. 


DEPARTMENT  OF  ENERGY 
ADP  SYSTEM  RISK  ASSESSMENT 


SYSTEM 

CHARACTERISTICS 
AND  IMPORTANCE 


STEP  2 


WORKSHEET 

W2.1 


(a) System | (b) Number of Users | (c) Frequency of Use (VL - VH) | Impact if Unavailable (VL - VH)

System-1 Name/ID:

System-2 Name/ID:

System-3 Name/ID:

System-4 Name/ID:

System-5 Name/ID:
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4- 



DEPARTMENT  OF  ENERGY 
ADP  SYSTEM  RISK  ASSESSMENT 


SOFTWARE  * 
CHARACTERISTICS 
AND  IMPORTANCE 


STEP  2 


WORKSHEET 

W2.2 


1.

• System Name/Identification:

• Organization/User:

• Location(s):

• Date:

NOTE: [text illegible in this copy]

2. Ref. No. | (a) Software Sensitivity or Classification: 1) Unclassified? / 2) Sensitive Unclassified? (Type) / 3) Classified? (Note Level and Mode of Operation) | (b) Frequency of Use | (c) Impact if Unavailable

SW -
SW -
SW -
SW -
SW -
SW -
SW -
SW -
SW -
SW -
SW -
SW -
SW -
SW -
SW -

3. Approx. % ** | % | % | %

* Software includes all types of software, applications, and programs.

** Total of columns 1, 2, and 3 should = 100% (reflecting all software (applications, programs) used).
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DEPARTMENT  OF  ENERGY 
ADP  SYSTEM  RISK  ASSESSMENT 


DATA* 

CHARACTERISTICS 
AND  IMPORTANCE 


STEP  2 


WORKSHEET 

W2.3 


1.

• System Name/Identification:

• Organization/User:

• Location(s):

• Date:

NOTE: [text illegible in this copy]

2. Ref. No. | (a) Data Sensitivity or Classification: 1) Unclassified? / 2) Sensitive Unclassified? (Note Type) / 3) Classified? (Note Level) | (b) Frequency of Use | (c) Impact if Unavailable

D -
D -
D -
D -
D -
D -
D -
D -
D -
D -
D -
D -
D -
D -
D -

3. Approx. % | % | % | %

* Data refers to specific data sets used as input for processing or that result from processing.

** Total of columns 1, 2, and 3 should = 100% of all data used.


STEP  3 
WORKSHEETS 
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DEPARTMENT  OF  ENERGY 

ADP SYSTEM RISK ASSESSMENT

REVIEW OF
BASELINE SECURITY
REQUIREMENTS FOR:
PHYSICAL SECURITY

STEP 3

WORKSHEET

W3.1a



System Name/Identification:

SENSITIVE UNCLASSIFIED

• STORE INFORMATION/DATA IN UNLOCKED FILES, DESKS WITHIN CONTROLLED/GUARDED AREA. (B)

• STORE INFORMATION/DATA IN LOCKED REPOSITORY IN UNCONTROLLED/GUARDED AREA. (B)

BOTH

• DEFINE PHYSICAL SECURITY REQUIREMENTS FOR ADP OPERATIONS AT ONSET OF PROGRAM. (D)

• UTILIZE A PERSONNEL IDENTIFICATION SYSTEM FOR FACILITY WITH 30+ INDIVIDUALS. (q, r, u)

• RECOVER BADGES OF TERMINATING EMPLOYEES AND DEPARTING VISITORS. (u)

• REPLACE BADGES AND PASSES AS APPROPRIATE. (u)

• RETAIN RECORD OF LOST BADGES, PASSES, CREDENTIALS, AND SHIELDS. (u)

• DESIGN ELECTRONIC ALARMS TO MEET SITE-SPECIFIC PROTECTION NEEDS AND REQUIREMENTS IN DOE 5632.5. (q)

• USE A RECEPTIONIST OR EMPLOYEE WITH ASSIGNED RESPONSIBILITY TO CONTROL ACCESS DURING WORKING HOURS. (r)

• MAINTAIN A VISITORS LOG. (r)

• POST TRESPASSING SIGNS AROUND PERIMETER AND ENTRANCES. (r)

• INSPECT AND SEARCH VEHICLES AND HAND CARRIED ITEMS RANDOMLY. (r)

• POST CONTRABAND/PROHIBITED ITEMS SIGN AT ALL ENTRANCES. (r)

• IMPEDE ACCESS WITH BARRIERS (I.E., WALLS, FENCES, ETC.). (r)

• LOCK AREA, BUILDING, ADP CENTER, ETC. WHEN UNOCCUPIED. (r)

• UTILIZE LOCKS THAT ARE GSA/GOVERNMENT APPROVED. (r)

• CONTROL AND ACCOUNT FOR ALL KEYS AND COMBINATIONS. (r)

• CHANGE LOCKS AND COMBINATIONS WHEN LOST/COMPROMISED. (r)

• PROVIDE INTRUSION DETECTION SYSTEM AS APPROPRIATE. (r)

• TEST AND MAINTAIN ALARM/SECURITY SYSTEMS AND COMPONENTS IN OPERABLE CONDITION. (r)

• ESTABLISH EMERGENCY PLANS. (r)

• DESIGN ELECTRONIC ALARMS TO MEET SITE-SPECIFIC PROTECTION NEEDS AND REQUIREMENTS WITH DOE ALARM REQUIREMENTS. (q)


KEY: 


YES  = Y 


NO  = N 


NOT APPLICABLE = N/A


PARTIALLY  = P 


NOTE:  A letter  in  parenthesis  follows  each  title  or  individual  entry.  Each  letter  refers  to  a specific  DOE  order. 

To  identify  the  specific  document  from  which  a requirement  is  taken,  refer  to  the  Master  List,  Resource  Table  R3. 
DEPARTMENT OF ENERGY
ADP SYSTEM RISK ASSESSMENT

REVIEW OF BASELINE SECURITY REQUIREMENTS FOR: PHYSICAL SECURITY

STEP 3 WORKSHEET W3.1b

System Name/Identification:



• DETECT AND DETER UNAUTHORIZED ACCESS TO ADP CENTERS. (q)

• ESTABLISH SECURITY AREAS AS REQUIRED BY DOE BASED ON MISSION AND SIZE. (a)

• SAFEGUARD STOCK OF UNUSED BADGES, PASSES, CREDENTIALS, AND SHIELDS. (u)

• IDENTIFY SECURITY IMPORTANCE RATINGS OF SECURE FACILITIES. (m)

• CONTROL AND LIMIT ACCESS TO PERSONNEL WHO ARE CLEARED FOR ACCESS TO THE HIGHEST CLASSIFICATION LEVEL OF INFORMATION. (p, q)

• ESTABLISH A TSCM PROGRAM FOR FACILITIES THAT HOUSE CLASSIFIED ADP SYSTEMS. (o)

• NOTIFY RESPONSIBLE ORGANIZATION OF PHYSICAL SECURITY DEFICIENCIES. (m)

• CONDUCT INITIAL AND PERIODIC SECURITY SURVEYS TO ENSURE DOE SECURITY POLICIES AND PROCEDURES ARE IMPLEMENTED. (m)


KEY: YES = Y, NO = N, NOT APPLICABLE = N/A, PARTIALLY = P

NOTE: A letter in parenthesis follows each title or individual entry. Each letter refers to a specific DOE order. To identify the specific document from which a requirement is taken, refer to the Master List, Resource Table R3.


KEY: YES = Y, NO = N, NOT APPLICABLE = N/A, PARTIALLY = P

NOTE: A letter in parenthesis follows each title or individual entry. Each letter refers to a specific DOE order. To identify the specific document from which a requirement is taken, refer to the Master List, Resource Table R3.
DEPARTMENT OF ENERGY
ADP SYSTEM RISK ASSESSMENT

REVIEW OF BASELINE SECURITY REQUIREMENTS FOR: PERSONNEL SECURITY

STEP 3 WORKSHEET W3.2

System Name/Identification:

SENSITIVE  UNCLASSIFIED 

• LIMIT  PERSONNEL  ACCESS  TO  SENSITIVE  UNCLASSIFIED  MATERIALS  VIA 
DISSEMINATION  AND  ACCESS  CONTROLS.  (B,E,F,H) 


• SCREEN  ALL  PERSONNEL  INVOLVED  WITH  SENSITIVE  DATA.  (E) 


• REQUIRE  PROOF  OF  IDENTITY  TO  RECEIPT  FOR  INFORMATION.  (H) 


CLASSIFIED 


• CONTROL  AND  LIMIT  ACCESS  TO  CLASSIFIED  INFORMATION  TO  AUTHORIZED  PERSONNEL 
ONLY.  (n,p) 


• LIMIT  PERSONNEL  ACCESS  TO  WEAPONS  DATA  MATERIALS  VIA  DISSEMINATION  AND 
ACCESS  CONTROLS,  (v) 


• CONTROL  ACCESS  TO  FOREIGN  INTELLIGENCE  INFORMATION,  (x) 


• ENSURE  PERSONNEL  ARE  COGNIZANT  OF  THEIR  RESPONSIBILITIES  TO  SAFEGUARD  AND 
CONTROL  CLASSIFIED  DOCUMENTS,  (n) 


• OBTAIN  NECESSARY  VISITOR  ACCESS  AUTHORIZATIONS  PRIOR  TO  PERMITTING  ACCESS 
TO  FACILITIES  CONTAINING  NAVAL  NUCLEAR  PROPULSION  INFORMATION  (NNPI).  (h) 


• ENSURE  THAT  ALL  INDIVIDUALS  REQUIRING  ACCESS  TO  CLASSIFIED  MATERIAL  ARE 
APPROPRIATELY  CLEARED,  (g) 
DEPARTMENT OF ENERGY
ADP SYSTEM RISK ASSESSMENT

REVIEW OF BASELINE SECURITY REQUIREMENTS FOR: INFORMATION SECURITY

STEP 3 WORKSHEET W3.3

System Name/Identification:


SENSITIVE UNCLASSIFIED

MAINTAIN CURRENT INVENTORY OF STORED INFORMATION. (A)

USE COVER SHEETS AND SPECIAL MARKINGS FOR UCNI. (B)

STORE UCNI MATERIALS IN LOCKED REPOSITORY. (B)

STORE UCNI MATERIALS IN UNLOCKED FILES AND DESKS IF WITHIN CONTROLLED/GUARDED AREA. (B)

SHRED OR BURN MEDIA TO BE DESTROYED. (B)

PROTECT COMPUTER SECURITY PROGRAM INFORMATION. (B, E)

REVIEW VITAL RECORDS ANNUALLY. (A)

APPROPRIATELY MARK ON THE COVER AND TITLE PAGE OF ALL SOFTWARE DOCUMENTATION FOR SCIENTIFIC AND TECHNICAL COMPUTER SOFTWARE WHICH MAY BE DISSEMINATED TO OTHERS. (J)

UTILIZE OPSEC TECHNIQUES OR MEASURES TO PROTECT CLASSIFIED OR SENSITIVE/UNCLASSIFIED INFORMATION. (K)

PREPARE AN OPSEC THREAT STATEMENT AND DEVELOP A CRITICAL AND SENSITIVE INFORMATION LIST AND SUPPORTING ESSENTIAL ELEMENTS OF FRIENDLY INFORMATION. (K)

DEVELOP PROCEDURES FOR PROPERLY REPORTING, HANDLING, SAFEGUARDING, AND DISPOSING OF DOE SCIENTIFIC AND TECHNICAL INFORMATION. (I)

PROHIBIT DUPLICATION OF SOFTWARE, DATA FOR PERSONAL USE OR ON HOME COMPUTERS. (L)


BOTH

IDENTIFY ALL SENSITIVE DATA, INFORMATION, MATERIALS. (A, C, E, F)

DEFINE INFORMATION SECURITY NEEDS AT ONSET OF ALL PROGRAMS. (D)

REVIEW PROGRAMS AND DATA FOR COMPLIANCE WITH REQUIREMENTS FOR HANDLING AND CONTROL OF SENSITIVE DATA. (A, C, E, H)

MARK SENSITIVE UNCLASSIFIED AND CLASSIFIED MATERIAL AND EQUIPMENT WITH NECESSARY MARKINGS EITHER BY STAMPING, TAGS, LABELS, OR OTHER SUITABLE MEANS. (q)

STORE SENSITIVE OR CLASSIFIED MATTER IN SECURITY CONTAINERS. (q)


CLASSIFIED

MAINTAIN ACCOUNTABILITY SYSTEM, AS APPROPRIATE, TO ACCOUNT FOR AND DETERMINE WHEN CLASSIFIED MATTER IS LOST OR UNACCOUNTED FOR. (a)

MARK CLASSIFIED MATERIAL, MEDIA, AND OTHER EQUIPMENT WITH CLASSIFICATION AND OTHER NECESSARY MARKINGS, EITHER BY STAMPING, TAGS, LABELS, OR OTHER SUITABLE MEANS. (q)

STORE CLASSIFIED MATTER IN APPROVED SECURITY CONTAINERS. (q)

CONDUCT ANNUAL REVIEW OF TOP SECRET DOCUMENTS. (n)

AFFIX SPECIAL HANDLING MARKINGS TO NNPI AS APPROPRIATE. (h)


KEY: YES = Y, NO = N, NOT APPLICABLE = N/A, PARTIALLY = P

NOTE: A letter in parenthesis follows each title or individual entry. Each letter refers to a specific DOE order. To identify the specific document from which a requirement is taken, refer to the Master List, Resource Table R3.
DEPARTMENT OF ENERGY
ADP SYSTEM RISK ASSESSMENT

REVIEW OF BASELINE SECURITY REQUIREMENTS FOR: COMMUNICATIONS SECURITY (COMSEC)

STEP 3 WORKSHEET W3.4

System Name/Identification:


SENSITIVE UNCLASSIFIED

AS APPROPRIATE:

• USE OF PRIVACY DEVICES TO PROTECT UNCLASSIFIED INFORMATION. (c)

• USE OF DES TO PROTECT UNCLASSIFIED, SENSITIVE INFORMATION. (c)


BOTH

PROCURE/USE CRYPTO GEAR FOR UNCLASSIFIED SENSITIVE DISCUSSIONS/TRANSMISSIONS, IF DEEMED NECESSARY. (c)

DESIGN AND INSTALL PDS, AS APPROPRIATE. (d)

SECURE CLASSIFIED AND UNCLASSIFIED SENSITIVE SYSTEMS TO PREVENT COMPROMISE OR EXPLOITATION. (c)


CLASSIFIED

CONDUCT SECURITY SURVEYS OF SECURE COMMUNICATIONS CENTERS. (m)

PROCURE/USE NSA APPROVED CRYPTOGRAPHIC DEVICES. (p)

ENSURE CLASSIFIED INFORMATION IS NOT DISCUSSED OR TRANSMITTED OVER UNENCRYPTED OR NONSECURE TELEPHONE SYSTEMS. (n)

PROCURE/USE CRYPTO GEAR FOR CLASSIFIED DISCUSSIONS/TRANSMISSIONS. (c)


KEY: YES = Y, NO = N, NOT APPLICABLE = N/A, PARTIALLY = P

(1) NOTE: Additional PDS guidance is provided in the DOE PDS Procedural Guide (u) (Confidential).

(2) NOTE: Additional COMSEC guidance regarding the role and responsibilities of the CRYPTO custodian is provided in the DOE COMSEC Procedural Guide (u) (Confidential).

(3) NOTE: A letter in parenthesis follows each title or individual entry. Each letter refers to a specific DOE order. To identify the specific document from which a requirement is taken, refer to the Master List, Resource Table R3.
DEPARTMENT OF ENERGY
ADP SYSTEM RISK ASSESSMENT

REVIEW OF BASELINE SECURITY REQUIREMENTS FOR: EMISSIONS SECURITY (TEMPEST)

STEP 3 WORKSHEET W3.5

System Name/Identification:



BOTH SENSITIVE UNCLASSIFIED/CLASSIFIED

AS APPROPRIATE:

• APPOINT TEMPEST COORDINATOR. (b)

• PERFORM TEMPEST SURVEYS. (b)

• ZONE TEST EVERY 3 YEARS. (b)

• MAINTAIN TEMPEST FILE FOR EACH FACILITY. (b)

• COMPLY WITH EMISSIONS SECURITY REQUIREMENTS. (b)


KEY: YES = Y, NO = N, NOT APPLICABLE = N/A, PARTIALLY = P

(1) NOTE: Additional TEMPEST guidance is provided in the DOE TEMPEST Procedural Guide (u) (Confidential). As of May 1989, this guide was undergoing a major update/revision.

(2) NOTE: A letter in parenthesis follows each title or individual entry. Each letter refers to a specific DOE order. To identify the specific document from which a requirement is taken, refer to the Master List, Resource Table R3.
DEPARTMENT OF ENERGY
ADP SYSTEM RISK ASSESSMENT

REVIEW OF BASELINE SECURITY REQUIREMENTS FOR: COMPUTER SECURITY *

STEP 3 WORKSHEET W3.6a

System Name/Identification:



SENSITIVE UNCLASSIFIED

DEFINE OPERATING AND APPLICATION SOFTWARE SECURITY NEEDS AT ONSET OF PROGRAM. (D, E, H)

MAINTAIN ACCESS LOG(S) TO DETECT UNAUTHORIZED ACCESS ATTEMPTS. (E)

RANDOMLY REVIEW FILE CONTENTS. (E)

ESTABLISH CONFIGURATION MANAGEMENT CONTROLS TO TRACK HARDWARE AND SOFTWARE SECURITY UPGRADES BASED ON RESULTS OF RISK ASSESSMENT. (E)

DETERMINE IMPORTANCE OF APPLICATION TO MISSION. (E)

DEVELOP COMPUTER PROTECTION PLAN. (E)

ESTABLISH AND IMPLEMENT COMPUTER SECURITY CONTROL PROCEDURES TO PROTECT HARDWARE, SOFTWARE, AND DATA AGAINST THEFT, LOSS, UNAUTHORIZED MANIPULATION, FRAUDULENT ACTIVITIES AND NATURAL DISASTERS. (K)

ADVISE APPROPRIATE AUTHORITIES OF ANY SENSITIVE/UNCLASSIFIED COMPUTER SECURITY VULNERABILITY DETECTED IN THE COURSE OF AN OPSEC VULNERABILITY ASSESSMENT. (K)

ESTABLISH AND IMPLEMENT COMPUTER OPERATION CONTROL PROCEDURES TO ENSURE ACCURACY AND COMPLETENESS OF THE INFORMATION MAINTAINED AND PROCESSED. (K)

ESTABLISH, DOCUMENT, AND ENFORCE PROCEDURES FOR TESTING AND IMPLEMENTING SOFTWARE CHANGES. (K)

ESTABLISH AND IMPLEMENT HARDWARE CONTROLS FOR ALL HARDWARE PROCUREMENT ACTIONS. (K)

ESTABLISH AND ENFORCE CONTROL PROCEDURES FOR DISTRIBUTED PROCESSING AND NETWORK OPERATIONS. (K)

REQUIRE THAT SYSTEM DESIGN, DEVELOPMENT, AND MODIFICATION CONTROL PROCEDURES PROVIDE ADEQUATE SEPARATION OF DUTIES AND ASSURE USER, MANAGEMENT, AND INTERNAL AUDITOR PARTICIPATION. (K)

ESTABLISH CONTROL MECHANISMS TO ENSURE THAT DATA REACHES THE COMPUTER APPLICATION WITHOUT LOSS, UNAUTHORIZED ADDITION OR MODIFICATION, OR OTHER ERROR. (K)

ESTABLISH AND ENFORCE PROCEDURES FOR CONVERTING AND ENTERING DATA THROUGH TERMINALS AND DETAIL THE PROCESS FOR IDENTIFYING, CORRECTING, AND REPROCESSING DATA REJECTED BY THE APPLICATION. (K)

DEVELOP, DOCUMENT AND IMPLEMENT CONTROL PROCEDURES FOR PROCESSING DATA AND SCHEDULING DATA PROCESSING. (K)

DEVELOP, DOCUMENT, AND IMPLEMENT OUTPUT CONTROL PROCEDURES. (K)

DEVELOP AND IMPLEMENT EFFECTIVE CONTROLS FOR THE ACQUISITION, OPERATION AND SECURITY OF MICROCOMPUTERS. (1^

REQUIRE WRITTEN AUTHORIZATION TO USE COMPUTER EQUIPMENT FOR OFF-SITE WORK. (L)


KEY: YES = Y, NO = N, NOT APPLICABLE = N/A, PARTIALLY = P

* Covers Hardware, Software, and Computer Security Related Procedures.

NOTE: A letter in parenthesis follows each title or individual entry. Each letter refers to a specific DOE order. To identify the specific document from which a requirement is taken, refer to the Master List, Resource Table R3.
DEPARTMENT OF ENERGY
ADP SYSTEM RISK ASSESSMENT

REVIEW OF BASELINE SECURITY REQUIREMENTS FOR: COMPUTER SECURITY *

STEP 3 WORKSHEET W3.6b

System Name/Identification:


BOTH 


PROVIDE CONFIGURATION MANAGEMENT CONTROLS. (C, E)

REVIEW/APPROVE AND CERTIFY DESIGN OF NEW OR CHANGED HARDWARE/SOFTWARE. (C, D, E, H)

DEFINE, EVALUATE, AND REEVALUATE SECURITY REQUIREMENTS THROUGHOUT SYSTEM LIFE-CYCLE. (C, D, E, H)

AUDIT SYSTEM. (C, E, p)

DEVELOP AND TEST CONTINGENCY PLAN, INCLUDING BACK-UP AND RECOVERY FEATURES. (A, C, p)

TEST HARDWARE AND SOFTWARE PROTECTIVE FEATURES. (E, p)


CLASSIFIED

PREPARE ADP SECURITY PLAN. (p)

DEVELOP, IMPLEMENT, MAINTAIN, AND DOCUMENT ALL ADP SECURITY MEASURES. (p)

CLEAR AND SANITIZE ADP RESOURCES FOR CLASSIFIED PROCESSING. (p)

DEVELOP A CONTINGENCY PLAN TO ENSURE AVAILABILITY OF CRITICAL ADP SYSTEMS. (p)

IDENTIFY THE CLASSIFICATION LEVEL OF ALL MAGNETIC MEDIA. (n)

PERFORM A RISK ASSESSMENT AT LEAST EVERY 3 YEARS. (p)

IDENTIFY ADP SECURITY TRAINING REQUIREMENTS AND DESIGNATE WHO WILL RECEIVE THE TRAINING. (p)

ASSIGN RESPONSIBILITY FOR CLASSIFIED ADP SYSTEMS. (p)

DEVELOP COMPUTER SECURITY MANUALS AND GUIDELINES FOR CLASSIFIED ADP SYSTEMS. (p)

REPORT ANY COMPUTER SECURITY INCIDENT. (p)

CONDUCT SECURITY SURVEYS OF ADP CENTERS. (m)

UTILIZE AUTHORIZED TECHNIQUES AND PROCEDURES FOR THE DESIGN, TESTING, AND EVALUATION OF CLASSIFIED ADP SYSTEMS. (p)

UTILIZE ONLY ACCREDITED OR APPROVED CLASSIFIED ADP SYSTEMS. (p)

MAINTAIN BACK-UP OF CRITICAL SOFTWARE AND DATA. (p)

PROVIDE CONFIGURATION MANAGEMENT CONTROLS FOR SOFTWARE, HARDWARE, AND SECURITY MECHANISMS. (p)

ASSIGN USERS A UNIQUE USER ID/PASSWORD. (p)

CHANGE USER PASSWORDS. (p)

ESTABLISH/UTILIZE AUDIT TRAILS. (p)

STORE AND LABEL CLASSIFIED MEDIA PROPERLY. (p)


KEY: YES = Y, NO = N, NOT APPLICABLE = N/A, PARTIALLY = P

* Covers  Hardware,  Software,  and  Computer  Security  Related  Procedures. 

NOTE:  A letter  in  parenthesis  follows  each  title  or  individual  entry.  Each  letter  refers  to  a specific  DOE  order. 

To  identify  the  specific  document  from  which  a requirement  is  taken,  refer  to  the  Master  List,  Resource  Table 
DEPARTMENT OF ENERGY
ADP SYSTEM RISK ASSESSMENT

REVIEW OF BASELINE SECURITY REQUIREMENTS FOR: PROCEDURES, ADMINISTRATION, AND SECURITY MANAGEMENT

STEP 3 WORKSHEET W3.7

System Name/Identification:

SENSITIVE UNCLASSIFIED



• ESTABLISH AND CONDUCT TRAINING AND AWARENESS FOR USE OF SENSITIVE DATA. (A, B, E, H)

• ESTABLISH SECURITY INCIDENT/VIOLATION REPORTING SYSTEM. (E)

• ESTABLISH AND IMPLEMENT PROCEDURES FOR PROVIDING DEVELOPED AND/OR MODIFIED SCIENTIFIC AND TECHNICAL COMPUTER SOFTWARE TO THE CENTRALIZED SCIENTIFIC AND TECHNICAL COMPUTER SOFTWARE ACTIVITY. (J)

• ADVISE CENTRALIZED SCIENTIFIC AND TECHNICAL COMPUTER SOFTWARE ACTIVITY OF DIRECT EXCHANGE OF SCIENTIFIC AND TECHNICAL COMPUTER SOFTWARE WITH OTHER PROGRAMS OR SPECIFIC INFORMATION ANALYSIS CENTERS. (J)

• COORDINATE WITH CENTRALIZED SCIENTIFIC AND TECHNICAL COMPUTER SOFTWARE FACILITY PRIOR TO DEVELOPING NEW SCIENTIFIC AND TECHNICAL COMPUTER SOFTWARE. (J)

• IDENTIFY ALL SCIENTIFIC AND TECHNICAL COMPUTER SOFTWARE SENT TO THE CENTRALIZED FACILITY THAT HAS GENERAL UTILITY. (J)

• ENSURE THAT THE APPROPRIATE INSTRUCTIONS FOR CONTROLLING DISSEMINATION OF SCIENTIFIC AND TECHNICAL COMPUTER SOFTWARE ARE INCLUDED IN ALL SCIENTIFIC AND TECHNICAL SOFTWARE PACKAGES PROVIDED TO THE CENTRALIZED FACILITY. (J)

• ENSURE THAT PUBLIC DISSEMINATION OF COMPUTER SOFTWARE WHICH IS TRANSMITTED TO THE CENTRAL FACILITY WILL NEITHER VIOLATE THE U.S. EXPORT ADMINISTRATION REGULATIONS, THE INTERNATIONAL TRAFFIC IN ARMS REGULATIONS, THE NUCLEAR NONPROLIFERATION ACT, NOR CONSTITUTE THE RELEASE OF SENSITIVE INFORMATION THAT WOULD OTHERWISE COMPROMISE NATIONAL SECURITY. (J)

• ESTABLISH AND MAINTAIN A SYSTEM OF MANAGEMENT CONTROLS FOR ALL PROGRAMS AND ADMINISTRATIVE FUNCTIONS RELATED TO ADP EQUIPMENT ACQUISITION, COMPUTER FACILITY MANAGEMENT, EQUIPMENT UTILIZATION, SOFTWARE DEVELOPMENT, AND AUTOMATED MANAGEMENT INFORMATION SYSTEMS DEVELOPMENT, AS DIRECTED BY THE GAO AND DOE. (K)

• DEVELOP MANAGEMENT CONTROL PLANS TO DESCRIBE THE SCHEDULE FOR ASSESSING VULNERABILITIES, IDENTIFYING AND IMPLEMENTING NEEDED IMPROVEMENTS, AND TESTING INTERNAL CONTROLS. (K)

• EVALUATE THE EFFECTIVENESS OF INTERNAL CONTROLS ON A CONTINUING BASIS. (K)

• ESTABLISH INTERNAL CONTROL PROGRAMS TO DETECT WASTE, LOSS, MISMANAGEMENT, UNAUTHORIZED USE, OR MISAPPROPRIATION. (K)

• CONDUCT REVIEWS OF FINANCIAL MANAGEMENT SYSTEMS AS REQUIRED. (K)

• DEVELOP A MANAGEMENT CONTROL PLAN AS APPROPRIATE. (K)

• REPORT RESULTS OF INTERNAL CONTROL SYSTEM EVALUATIONS AS REQUIRED. (K)

• ESTABLISH AND IMPLEMENT AN INTERNAL CONTROL ACTIVITY TRACKING PROGRAM AS APPROPRIATE. (K)


BOTH

• ESTABLISH PROGRAM MANAGEMENT ORGANIZATION/POSITIONS FOR SENSITIVE/CLASSIFIED DATA AND PROGRAMS. (A, B, C, E)


CLASSIFIED

• ESTABLISH PROCEDURES FOR IDENTIFYING AND REPORTING VIOLATIONS OF LAW, LOSSES, AND INCIDENTS OF SECURITY INTEREST TO APPROPRIATE AUTHORITIES. (I)

• REPORT ANY SERIOUS SECURITY INCIDENTS TO THE IG. (m)


KEY: YES = Y, NO = N, NOT APPLICABLE = N/A, PARTIALLY = P

(1) NOTE: A letter in parenthesis follows each title or individual entry. Each letter refers to a specific DOE order. To identify the specific document from which a requirement is taken, refer to the Master List, Resource Table R3.

(2) NOTE: Administrative Procedures for a specific security discipline (e.g., physical, computer, etc.) are listed under that discipline area.
DEPARTMENT OF ENERGY
ADP SYSTEM RISK ASSESSMENT

REVIEW OF BASELINE SECURITY REQUIREMENTS FOR: ENVIRONMENTAL SECURITY/SAFETY

STEP 3 WORKSHEET W3.8a

System Name/Identification:

BOTH

• ESTABLISH/UTILIZE DESIGN REVIEW PROCESS FOR ALL NEW/MODIFIED BUILDINGS TO ASSURE FIRE DETECTION/PREVENTION ISSUES ARE ADDRESSED. (e)

• SEGREGATE AND RESTRICT THE QUANTITY OF HAZARDOUS MATERIAL STORAGE. (e)

• UTILIZE FLAME/SMOKE RESISTANT INTERIOR FINISH MATERIALS. (e)

• SELECT FIRE PROTECTION SYSTEM BASED ON VALUE OF FACILITY AND CONTENTS. (e)

• PROTECT STORAGE AREAS AND ROOMS AGAINST FIRES. (A, e)

• SELECT FIRE PREVENTION MEASURES (AMOUNT, TYPE, ETC.) BASED ON IMPORTANCE OF PROGRAM (HOW VITAL IT IS) AND THE TIME ALLOWED FOR SHUT DOWN OF THAT PROGRAM. (e)

• CONDUCT SELF-AUDITS AND INSPECTIONS USING FIRE PROTECTION EXPERTS. (e)

• DEVELOP, MAINTAIN, TEST FIRE EMERGENCY PLAN. (e, f)

• TRAIN PERSONNEL IN FIRE DETECTION/PREVENTION. (e)

• INSTALL FIREWALLS, FIRE DOORS, DRAFT BARRIERS TO CONTAIN FIRE. (e)

• IMPLEMENT SPECIAL FIRE CONTROL SYSTEM FOR HAZARDOUS MATERIALS. (e)

• INSTALL AUTOMATIC FIRE DETECTION/REPORTING CAPABILITY. (e)

• INSTALL AUTOMATIC SPRINKLER PROTECTION FOR ALL COMBUSTIBLE CONSTRUCTION AND COMPUTER ROOMS. (e, f)

• UTILIZE METAL FURNISHINGS IN COMPUTER AREA. (f)

• PROHIBIT SMOKING. (f)

• PROHIBIT BULK STORAGE OF RECORDS, SUPPLIES, COMBUSTIBLE MATERIALS. (f)

• UTILIZE NON-COMBUSTIBLE CABLE TRAYS AND FLAME RETARDANT INSULATION OR JACKETS FOR CABLES. (f)

• INSTALL SEPARATE FIRE ALARM SYSTEM FOR COMPUTER ROOM. (e, f)

• LIMIT AMOUNT OF COMPUTER EQUIPMENT IN A ROOM TO $1,000,000 VALUE AND HAVE 4 HOUR FIREWALLS WHEN VALUE DICTATES DIVISION OF AREA INTO SEPARATE ROOMS. (e)

• DISALLOW AIR DUCTS THAT SERVE OTHER AREAS OR REQUIRE THAT THEY BE FIRE RESISTANT DUCTS. (e, f)

• AVOID BUNDLING CABLES IN LARGE GROUPS. (e, f)

• REMOVE ALL ABANDONED CABLE FROM PREMISES. (e, f)

• MINIMIZE STORAGE OF UNUSED CABLES UNDER FLOOR SPACES OR IN TRAYS. (e, f)

• STORE ALL COMPUTER PAPER SUPPLIES IN METAL CONTAINERS. (e, f)

• PROMINENTLY LABEL MASTER CONTROL SWITCH FOR ALL EQUIPMENT AT EACH EXIT TO THE FACILITY. (e,




KEY: YES = Y, NO = N, NOT APPLICABLE = N/A, PARTIALLY = P

NOTE: A letter in parenthesis follows each title or individual entry. Each letter refers to a specific DOE order. To identify the specific document from which a requirement is taken, refer to the Master List, Resource Table R3.
DEPARTMENT OF ENERGY
ADP SYSTEM RISK ASSESSMENT

REVIEW OF BASELINE SECURITY REQUIREMENTS: ENVIRONMENTAL SECURITY/SAFETY

STEP 3 WORKSHEET W3.8b

System Name/Identification:

BOTH (Continued)


• INSTALL AUTOMATIC SPRINKLER AND DETECTION SYSTEMS IN STORAGE ROOMS/VAULTS. (e, f)

• INSTALL RAISED FLOORING. (e, f)

• SITUATE COMPUTER FACILITIES IN NON-TRADITIONAL MOBILE BUILDING STRUCTURES A MINIMUM OF 50 FEET FROM NEAREST ADJOINING STRUCTURE AND CONSTRUCT WITH NON-COMBUSTIBLE MATERIALS. (f)

• ASSIGN RESPONSIBILITY FOR IDENTIFYING FIRE AND PLANNING FACILITY'S FIRE PREVENTION AND DETECTION NEEDS. (e)


CLASSIFIED

• PROHIBIT UNAUTHORIZED STORAGE OF SPECIAL NUCLEAR MATERIAL. (m)


KEY: YES = Y, NO = N, NOT APPLICABLE = N/A, PARTIALLY = P

NOTE: A letter in parenthesis follows each title or individual entry. Each letter refers to a specific DOE order. To identify the specific document from which a requirement is taken, refer to the Master List, Resource Table R3.
STEP 4 WORKSHEETS
DEPARTMENT OF ENERGY
ADP SYSTEM RISK ASSESSMENT

THREATS TO AND VULNERABILITIES OF THE PHYSICAL FACILITY

STEP 4 WORKSHEET W4.1

-IMPACT  AREAS- 

PHYSICAL  FACILITY  * 

DAMAGE 

DESTRUCTION 

DISCLOSURE 

DENIAL 

NATURAL THREATS:

STORMS 

>/ 

V 

V 

V 

EARTHQUAKES 

V 

V 

V 

V 

FIRE

V 

V 

V 

V 

FLOOD 

V 

V 

V 

HURRICANE 

V 

V 

V 

V 

TORNADO 

V 

V 

V 

INTENTIONAL HUMAN THREATS:

INSIDER  OR  OUTSIDER 

TERRORIST  INCIDENT 

V 

V 

V 

BOMBING 

V 

V 

V 

RIOT/CIVIL  DISORDER 

>/ 

V 

yf 

V 

SABOTAGE 

V 

V 

V 

V 

ARSON

V 

V 

^ 

VANDALISM 

V 

V 

V 

THEFT 

V 

V 

UNAUTHORIZED ACCESS

V 

V 

y/ 

V 

MISAPPROPRIATION 

V 

V 

V 

yj 

NEGLECT 

V 

V 

V 

V 

STRIKES 

V 

UNINTENTIONAL  HUMAN  THREATS: 

INSIDER OR OUTSIDER

ACCIDENTS 

N 

V 

V 

V 

OPERATIONAL/PROCEDURAL ERRORS

V 

V 

V 

HARDWARE  FAILURE/MALFUNCTION 

V 

V 

NEGLECT 

V 

V 

V 

ENVIRONMENTAL THREATS:

HEATING/COOLING  SYSTEM  FAILURE 

■V 

V 

yl 

POWER  FLUCTUATIONS/OUTAGE 

TEMPERATURE/HUMIDITY  FLUCTUATIONS 

yl 

yl 

STRUCTURAL  FAILURE 

V 

V 

V 

V 

* PHYSICAL  FACILITY  INCLUDES  THE  BUILDING,  COMPUTER  ROOM,  SUPPORTING 
UTILITIES,  NON-ADP  EQUIPMENT,  AND  SUPPLIES. 


DEPARTMENT OF ENERGY
ADP SYSTEM RISK ASSESSMENT

THREATS TO AND VULNERABILITIES OF PERSONNEL

STEP 4 WORKSHEET W4.2

- IMPACT  AREAS  - 

PERSONNEL  * 

DAMAGE 

DESTRUCTION 

DISCLOSURE 

DENIAL 

NATURAL  THREATS: 

STORMS 

V 

V 

V 

EARTHQUAKES 

V 

V 

FIRE 

V 

V 

V 

FLOOD 

V 

V 

V 

HURRICANE

V 

'V 

V 

POLLUTION 

>/ 

V 

V 

TORNADO 

V 

V 

V 

LIGHTNING 

V 

V 

V 

INTENTIONAL HUMAN THREATS:

INSIDER OR OUTSIDER

TERRORIST  INCIDENT 

V 

V 

V 

BOMBING 

V 

V 

V 

RIOT/CIVIL  DISORDER 

V 

V 

V 

STRIKES 

V 

KIDNAPPING

1 

V 



V 

ASSAULT 

V 

V 

V 

V 

MURDER 

V 

V 

UNINTENTIONAL  HUMAN  THREATS: 

INSIDER OR OUTSIDER

ACCIDENTS 

V 

V 

V 

V 

OPERATIONAL/PROCEDURAL ERRORS

V 

V 

V 

V 

EMOTIONAL,  MENTAL,  HEALTH  PROBLEMS 

V 

V 

V 

V 

ENVIRONMENTAL THREATS:

HEATING/COOLING  SYSTEM  FAILURE 

V 

V 

POWER  OUTAGE 

V 

STRUCTURAL  FAILURE 

V 

V 

* PERSONNEL INCLUDES THE COMPUTER OPERATOR(S), SYSTEM MANAGER, COMPUTER SECURITY OFFICIAL, DATA BASE ADMINISTRATOR, ETC.


DEPARTMENT OF ENERGY
ADP SYSTEM RISK ASSESSMENT

THREATS TO AND VULNERABILITIES OF INFORMATION, DATA, AND EMISSIONS

STEP 4 WORKSHEET W4.3

-IMPACT  AREAS- 

INFORMATION,  DATA,  AND  EMISSIONS 

DAMAGE 

DESTRUCTION 

DISCLOSURE 

DENIAL 

STORMS 

v/ 

V 

V 

V 

EARTHQUAKES 

i 

V 

V 

V 

FIRE 

y/ 

V 

V 

V 

FLOOD 

i 

\ 

V 

y. 

HURRICANE 

vf 

V 

V 

V 

POLLUTION 

y/ 

V 

y 

TORNADO 

y/ 

V 

V 

y 

LIGHTNING 

V 

y 

INTENTIONAL HUMAN THREATS:

INSIDER OR OUTSIDER

TERRORIST  INCIDENT 

V 

< 

V 

y 

BOMBING 

V 

V 

y 

RIOT/CIVIL  DISORDER 

V 

V 

y 

SABOTAGE 

V 

t 

V 

y

ARSON



V 

V 

y 

VANDALISM 

V 

V 

y 

THEFT 

V 

y 

UNAUTHORIZED  ACCESS 

V 

y 

MISAPPROPRIATION

V

V

V

y

WIRETAPPING/EAVESDROPPING 

V 

VIRUS 

V 

V 

V 

y 

TRAPDOOR 

V 

V 

V 

y 

TROJAN  HORSE 

V 



,y 

MASQUERADE

V 



V 

V 

y 

ERASURE 

V 

y 

EMISSION  INTERCEPTION 

V 

STRIKES 

y 

UNINTENTIONAL HUMAN THREATS:

INSIDER  OR  OUTSIDER 

ACCIDENTS 

V 

V 

V 

y 

OPERATIONAL/PROCEDURAL  ERRORS 

V 

V 

V 

y 

HARDWARE FAILURE/MALFUNCTION

V 

V 

V 

y 

SOFTWARE  ERRORS 

V 

< 

V 

y 

ERASURE 

'yf 

y 

NEGLIGENCE 

V 

V 

V 

EMOTIONAL,  MENTAL,  HEALTH  PROBLEMS 

V 

yl 

V 

ENVIRONMENTAL THREATS:

HEATING/COOLING  SYSTEM  FAILURE 

V 

V 

y 

POWER FLUCTUATIONS/OUTAGE

V 

V 

y 

TEMPERATURE/HUMIDITY FLUCTUATIONS

V 

V 

y 

STRUCTURAL  FAILURE 

V 

V 

V 

y 



* INFORMATION, DATA, AND EMISSIONS INCLUDE BOTH HARD-COPY AND ELECTRONICALLY STORED DATA, AND ELECTRONIC EMISSIONS.
DEPARTMENT OF ENERGY
ADP SYSTEM RISK ASSESSMENT

THREATS TO AND VULNERABILITIES OF COMMUNICATIONS

STEP 4 WORKSHEET W4.4

- IMPACT  AREAS  - 

COMMUNICATIONS  * 

DAMAGE 

DESTRUCTION 

DISCLOSURE 

DENIAL 

NATURAL THREATS:

STORMS 

V 

V 

< 

EARTHQUAKES 

V 

V 

V 

V 

FIRE 

V 

V 

V 

V 

FLOOD 

V 

, 

V 

V 

HURRICANE 

V 

< 

-7 

TORNADO 

V 

< 

V 

< 

LIGHTNING 

V 

V 

INTENTIONAL HUMAN THREATS:

INSIDER OR OUTSIDER

TERRORIST  INCIDENT 

< 

< 

>/ 

yl 

BOMBING 

V 

V 

V 

V 

RIOT/CIVIL  DISORDER 

V 

< 

V 

V 

SABOTAGE 

V 

i 

V 

V 

ARSON 

V 

V 

V 

V 

VANDALISM 

V 

V 

V 

V 

THEFT 

V 

V 

UNAUTHORIZED  ACCESS 



A 

V 

V 

MISAPPROPRIATION

T 

•7 

WIRETAPPING/EAVESDROPPING 

V 

NEGLECT 

V 

V 

V 

V 

STRIKES 

V 

UNINTENTIONAL  HUMAN  THREATS: 

INSIDER OR OUTSIDER

ACCIDENTS 

V 

V 

V 

V 

OPERATIONAL/PROCEDURAL ERRORS

< 

V 

V 

V 

HARDWARE  FAILURE/MALFUNCTION 

V 

V 

V 

V 

NEGLECT 

V 

V 

V 

V 

ENVIRONMENTAL THREATS:

HEATING/COOLING  SYSTEM  FAILURE 

V 

V 

V 

POWER  FLUCTUATIONS/OUTAGE 

V 

V 

V 

TEMPERATURE/HUMIDITY  FLUCTUATIONS 

V 

V 

V 

STRUCTURAL  FAILURE 

V 

V 

V 

V 



* COMMUNICATIONS  INCLUDES  ALL  COMMUNICATION  CAPABILITIES  AND  EQUIPMENT: 
LINES,  NETWORKS,  COMSEC  SECURITY  DEVICES,  PROTECTED  DISTRIBUTION  SYSTEMS, 
PHONES,  MODEMS,  ETC. 


* COMPUTER  HARDWARE  INCLUDES  THE  CPU,  PERIPHERALS,  CONTROLLERS,  ETC. 


DEPARTMENT OF ENERGY
ADP SYSTEM RISK ASSESSMENT

THREATS TO AND VULNERABILITIES OF COMPUTER HARDWARE

STEP 4 WORKSHEET W4.5a

-IMPACT  AREAS- 

COMPUTER  HARDWARE  * 

DAMAGE 

DESTRUCTION 

DISCLOSURE 

DENIAL 

NATURAL  THREATS: 


STORMS 

V 

V 

yl 

EARTHQUAKES 

V 

V 

V 

yl 

FIRE 

V 

V 

V 

V 

FLOOD

V 

i 

y. 

HURRICANE 

V 

V 

V 

POLLUTION 

V 

yl 

TORNADO 

V 

V 

yl 

yl 

LIGHTNING 

V 

>/ 

V 

INTENTIONAL HUMAN THREATS:

INSIDER OR OUTSIDER

TERRORIST  INCIDENT 

V 

V 

V 

BOMBING 

V 

V 

yi 

yl 

RIOT/CIVIL  DISORDER 

V 

V 

V 

yl 

SABOTAGE 

V 

V 

yl 

yl 

ARSON 

V 

.>/ 

yl 

VANDALISM 

V 

V 

yl 

V 

THEFT 

V 

V 

V 

V 

UNAUTHORIZED  ACCESS 

V 

V 

V 

yl 

MISAPPROPRIATION 

V 

V 

V 

VIRUS 

V 

TRAP  DOOR 

TROJAN  HORSE 

yl 

NEGLECT 

V 

V 

V 

STRIKES 

yl 

UNINTENTIONAL  HUMAN  THREATS: 

INSIDER 

OR 

OUTSIDER 

ACCIDENTS 

V 

V 

V 

V 

OPERATIONAL/PROCEDURAL ERRORS

V 

V 

V 

V 

HARDWARE  FAILURE/MALFUNCTION 

V 

V 

NEGLIGENCE 

V 

V 

V 

ENVIRONMENTAL THREATS:

HEATING/COOLING  SYSTEM  FAILURE 

V 

V 

V 

POWER  FLUCTUATIONS/OUTAGE 

V 

V 

V 

TEMPERATURE/HUMIDITY  FLUCTUATIONS 

V 

V 

V 

STRUCTURAL  FAILURE 

V 

V 

V 

V 
DEPARTMENT OF ENERGY
ADP SYSTEM RISK ASSESSMENT

THREATS TO AND VULNERABILITIES OF COMPUTER SOFTWARE

STEP 4 WORKSHEET W4.5b

-IMPACT  AREAS- 

COMPUTER  SOFTWARE  * 

DAMAGE 

DESTRUCTION 

DISCLOSURE 

DENIAL 

NATURAL  THREATS: 

STORMS 

V 

V 

EARTHQUAKES 

V 

V 

V 

V 

FIRE 

V 

V 

V 

V 

FLOOD 

V 

V 

V 

V 

HURRICANE

V"" 

T 

V 

POLLUTION 

V 

V 

V 

TORNADO 

V 

V 

V 

< 

LIGHTNING 

V 

V 

INTENTIONAL HUMAN THREATS:

INSIDER  OR  OUTSIDER 

TERRORIST  INCIDENT 

V 

V 

V 

BOMBING 

V 

V 

RIOT/CIVIL  DISORDER 

V 

>/ 

V 

SABOTAGE 

V 

V 

V 

ARSON 

V 

V 

V 

VANDALISM 

V 

V 

V 

THEFT 

V 

V 

V 

V 

UNAUTHORIZED  ACCESS 

V 

.>/ 

V 

V 

MISAPPROPRIATION 

"7 

\ 

V 

'>? 

VIRUS 

V 

V 

V 

V 

TRAP  DOOR 

V 

>/ 

V 

V 

TROJAN  HORSE 

V 

± 

V 

V 

MASQUERADE 

V 

V 

7 

ERASURE 

V 

V 

V 

NEGLECT 

V 

V 

V 

STRIKES 

V 

V 

V 

UNINTENTIONAL HUMAN THREATS:

INSIDER OR OUTSIDER

ACCIDENTS 

V 

V 

V 

OPERATIONAL/PROCEDURAL ERRORS

< 

V 

HARDWARE  FAILURE/MALFUNCTION 

V 

V 

V 

ERASURE

V"" 

V 

V 

NEGLIGENCE 

V 

V 

V 

PROGRAMMING  ERRORS 

V 

V 

V 

V 

ENVIRONMENTAL THREATS:

HEATING/COOLING  SYSTEM  FAILURE 

V 

V 

V 

POWER  FLUCTUATIONS/OUTAGE 

V 

V 

V 

TEMPERATURE/HUMIDITY FLUCTUATIONS

V 

< 

V 

STRUCTURAL  FAILURE 

V 

V 



* COMPUTER SOFTWARE INCLUDES OPERATING SYSTEM SOFTWARE, APPLICATIONS SOFTWARE, UTILITIES SOFTWARE, ETC.
DEPARTMENT OF ENERGY
ADP SYSTEM RISK ASSESSMENT

THREATS TO AND VULNERABILITIES OF ADP SYSTEM PROCEDURES, ADMINISTRATION AND MANAGEMENT

STEP 4 WORKSHEET W4.6

-IMPACT  AREAS- 

ADP SYSTEM PROCEDURES, ADMINISTRATION AND MANAGEMENT

DAMAGE 

DESTRUCTION 

DISCLOSURE 

DENIAL 

NATURAL  THREATS: 

STORMS 

> 

V 

V 

V 

EARTHQUAKES 

> 

yl 

V 

V 

FIRE 

> 

V 

yl 

V 

FLOOD 

>/ 

V 

yl 

V 

HURRICANE 

V 

V 

yl 

V 

TORNADO 

V 

V 

yl 

V 

INTENTJOHAL  HUMAN  THREATS: 

INSIDER  OR  OUTSIDER 

' 

TERRORIST  INCIDENT 

V 

V 

V 

V 

BOMBING 

V 

V 

V 

yl 

RIOT/CIVIL  DISORDER 

V 

V 

yl 

V 

SABOTAGE 

V 

>/ 

yl 

yl 

ARSON 

V 

>/ 

V 

V 

vandalism 

V 

V 

'yf 

THEFT 

yl 

V 

UNAUTHORIZED  ACCESS 

V 

V 

yl 

yl 

NEGLECT 

V 

V 

V 

V 

URIHTEN*«0NAL^^ 

INSIDER  OR  OUTSfDSR 

ACCIDENTS 

V 

V 

V 

yl 

OPERATIONAUPROCEDURAL  ERRORS 

V 

V 

V 

V 

NEGLECT 

V 

V 

V 

V 

EMOTIONAL,  MENTAL.  HEALTH  PROBLEMS 

V 

>/ 

V 

V 

POWER  OUTAGE 

V 

TEMPERATURE/HUMIDITY  FLUCTUATIONS 

V 

V 

V 

STRUCTURAL  FAILURE 

>/ 

V 

yl 

* PROCEDURES,  ADMINISTRATION,  AND  MANAGEMENT  INCLUDES  ALL  PROCEDURAL, 
ADMINISTRATIVE  AND  ORGANIZATIONAL  FUNCTIONS,  DOCUMENTATION  AND  GENERAL 
BUSINESS/PRACTICES  THAT  ARE  NECESSARY  TO  EFFECTIVELY  OPERATE/USE  THE  SYSTEM. 


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STEP  5 
WORKSHEETS 
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DEPARTMENT  OF  ENERGY 

ADP SYSTEM RISK ASSESSMENT

COUNTERMEASURES IDENTIFICATION AND RISK PROFILE ACCEPTANCE

STEP 5

WORKSHEET W5

1. System Name/Identification

2. SECURITY DISCIPLINE AREA
   (a) ACCEPT CURRENT RISK PROFILE (YES OR NO)
   (b) COUNTERMEASURES TO BE IMPLEMENTED
   (c) APPROX. COST
   (d) PRIORITY
   (e) TARGET DATE

a. Physical Security:

b. Personnel Security:

c. Information Security:

d. Communications Security:

e. Emissions Security (TEMPEST):

f. Computer Security (Hardware & Software):

g. Administrative/Procedural Security and Security Management

h. Environmental Security and Safety:

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DEPARTMENT  OF  ENERGY 
ADP SYSTEM RISK ASSESSMENT

EXECUTIVE SUMMARY

PAGE 1

1a. DEMOGRAPHIC AND ADMINISTRATIVE INFORMATION

System Name/Identification:
Organization/User:
DOE Facility Name:
Site/Location:
Facility Address:

CSSO or Person Performing Risk Assessment:
Name:
Organization:
Location:
Phone No.: ( )

1b. PRIMARY SYSTEM USE

□ Academic/Research
□ Administration Management
□ Engineering/Design
□ Scientific/Technical
□ Manufacturing/Production
□ Other

1c. SYSTEM CONNECTIVITY

Stand Alone System: □

Network System:
LAN: □
WAN: □
□ : Open
□ : Closed

1d. TYPE OF SYSTEM

□ SMALL/SIMPLE SYSTEM
□ LARGE/COMPLEX SYSTEM

□ Memory Typewriter
□ CAD/CAM/Graphics Workstation
□ Word Processor
□ Personal Computer
□ Other:
□ CAD/CAM/Graphics Workstation
□ Super-Computer
□ Other:
□ Mini-Computer
□ Mainframe
□ Smart Terminal

1e. SUMMARY OF SYSTEM REPLACEMENT COSTS

Replacement Costs          Very Low    Low    Medium    High    Very High
(1) Hardware Cost:            □         □       □        □         □
(2) Software Cost:            □         □       □        □         □
(3) Data Cost:                □         □       □        □         □
(4) Total System Cost:        □         □       □        □         □

1f. STATUS OF SYSTEM BACK-UPS

                         YES:               NO:             Identify Additional
                         All Needed         Back-ups        Back-ups Required:
                         Back-ups Exist     Are Needed
• Software Back-ups          □                 □
• Data Back-ups              □                 □
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DEPARTMENT  OF  ENERGY 
ADP SYSTEM RISK ASSESSMENT

EXECUTIVE SUMMARY

PAGE 2

2a. SENSITIVITY OR CLASSIFICATION OF SOFTWARE AND DATA

(1) SOFTWARE (APPLICATIONS, PROGRAMS):

□ Unclassified

□ Sensitive Unclassified
  If Applicable, Check:
    Vital Records □
    UCNI □
    Privacy Act □
    OUO* □
    Other □

□ Classified
  • Highest Level
  • Applicable Categories (RD, FRD, NSI, PARD)
  • Mode of Operation

(2) DATA:

□ Unclassified

□ Sensitive Unclassified
  If Applicable, Check:
    Vital Records □
    UCNI □
    Privacy Act □
    OUO* □
    Other □

□ Classified
  • Highest Level
  • Applicable Categories (RD, FRD, NSI, PARD)

2b. OVERALL IMPORTANCE OF A SYSTEM, SOFTWARE AND DATA

1. SYSTEM                  Very Low    Low    Medium    High    Very High
Number of Users:              □         □       □        □         □
Frequency of Use:             □         □       □        □         □
Impact if Unavailable:        □         □       □        □         □

2. SOFTWARE                Very Low    Low    Medium    High    Very High
Frequency of Use:             □         □       □        □         □
Impact if Unavailable:        □         □       □        □         □
Note Additional Back-up Requirements:

3. DATA                    Very Low    Low    Medium    High    Very High
Frequency of Use:             □         □       □        □         □
Impact if Unavailable:        □         □       □        □         □
Note Additional Back-up Requirements:

* Possible future category.
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DEPARTMENT  OF  ENERGY 
ADP SYSTEM RISK ASSESSMENT

EXECUTIVE SUMMARY

PAGE 3

3. BASELINE SECURITY REQUIREMENTS REVIEW

BLSR BY SECURITY DISCIPLINE
   (a) ALL RQMTS. MET (YES OR NO)
   (b) NOTED DEFICIENCY(IES)
   (c) WILL DO BY
   (d) COMMENTS AND/OR SUPPLEMENTARY UPGRADES

a) Physical Security:

b) Personnel Security:

c) Information Security:

d) Communications Security:

e) Emissions Security (TEMPEST):

f) Computer Security (Hardware and Software):

g) Procedural/Administrative Security and Security Management:

h) Environmental Security and Safety:

(2) Based on results of Step 1 and Step 2, are the measures in-place sufficient given:

Hardware and Software: Cost(s)    Yes □  □ No

System Software and Data: Characteristics and Importance    Yes □  □ No

(3) Comments:
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DEPARTMENT  OF  ENERGY 

ADP SYSTEM RISK ASSESSMENT

EXECUTIVE SUMMARY

PAGE 4

4. THREAT AND VULNERABILITY ANALYSIS REVIEW

(1) ASSET AREA
   (a) THREATS AND VULNERABILITY(IES)
   (b) PROBABILITY (H,M,L)
   (c) PRIORITY OF CONCERN

a) Physical (Facility):

b) Personnel:

c) Information, Data, and Emissions:

d) Communications:

e) Computer (Hardware & Software):

f) Procedures, Administration, and Management:

g) Operational Environment and Safety:
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DEPARTMENT  OF  ENERGY 

ADP SYSTEM RISK ASSESSMENT

EXECUTIVE SUMMARY

PAGE 6

6. MANAGEMENT UNDERSTANDING OF RISK PROFILE AND COUNTERMEASURES REQUIRED

I/We have carefully assessed the risk(s) to the system,
its associated peripherals, (if applicable) its remote processing terminals, and
telecommunications links. Based upon the assessment conducted by (your name),
the implemented security measures and/or planned corrective measures are/will be
sufficient to manage the risks identified for this system.

Name:
Title:
Signed:
Date:

Name:
Title:
Signed:
Date:

COMMENTS:
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GLOSSARY 


The  purpose  of  the  glossary  is  to  provide  definitions  and/or  descriptions  of 
terms  used  in  this  Guideline.  The  terms  were  drawn  from  three  sources: 

(1)  the  DOE  Computer  Security  Glossary,  prepared  by  Lawrence  Livermore 
National  Laboratory  and  United  States  Air  Force,  HQ/SCTT,  October  23, 
1987; 

(2)  DOE  Order  1360.2A,  Unclassified  Computer  Security  Program,  5-20-88; 
and 

(3)  DOE  Order  5637.1,  Classified  Computer  Security  Program,  1-29-88. 

In  addition,  terms  for  selected  countermeasures  were  added  to  provide  any 
clarifications  needed  by  the  user. 


ACCEPTABLE  LEVEL  OF  RISK  A judicious  and  carefully  considered  assessment  that 
an  automatic  data  processing  (ADP)  activity  or  network  meets  the  minimum 
requirements  of  applicable  security  directives.  The  assessment  should  take 
into  account  the  value  of  ADP  assets;  threats  and  vulnerabilities; 
countermeasures  and  their  efficacy  in  compensating  for  vulnerabilities  and 
operational  requirements. 

ACCESS  The  ability  and  the  means  to  approach,  communicate  with  (input  to  or 
receive  output  from),  or  otherwise  make  use  of  any  material  or  component  in  an 
ADP  system.  Personnel  only  receiving  output  products  from  the  ADP  system  and 
not  inputting  to  or  otherwise  interacting  with  the  system  (i.e.,  no  "hands  on" 
or  other  direct  input  or  inquiry  capability)  are  not  considered  to  have  ADP 
system  access  and  are  accordingly  not  subject  to  the  personnel  security 
requirements.  Such  output  products,  however,  shall  either  be  reviewed  prior  to 
dissemination  or  otherwise  determined  to  be  properly  identified  as  to  content 
and  classification. 

ACCESS  CONTROL  The  process  of  limiting  access  to  the  resources  of  a system  to 
authorized  users,  programs,  processes,  other  systems,  or  networks. 

ACCESS  CONTROL  MEASURES  Hardware  and  software  features,  physical  controls, 
operating  procedures,  management  procedures,  and  various  combinations  of  these 
designed  to  detect  or  prevent  unauthorized  access  to  an  ADP  system  and  to 
enforce  access  control. 

ACCOUNTABILITY  The  quality  or  state  which  enables  violations  or  attempted 
violations  of  ADP  system  security  to  be  traced  to  individuals  who  may  then  be 
held  responsible. 

ACCREDITATION  The  documented  authorization,  by  the  designated  authority, 
granted  to  an  organization  or  individual  to  operate  an  ADP  system  or  network  in 
a specific  environment  to  process,  store,  transfer  or  provide  access  to 
classified  information. 

ADMINISTRATIVE  SECURITY  The  management  constraints;  operational, 
administrative,  and  accountability  procedures;  and  supplemental  controls 
established  to  provide  an  acceptable  level  of  protection  for  data.  Synonymous 
with  PROCEDURAL  SECURITY. 

ADP  FACILITY  One  or  more  rooms,  generally  contiguous,  containing  the  elements 
of  an  ADP  system. 

ADP  SECURITY  Measures  required  to  protect  against  unauthorized  (accidental  or 
intentional)  disclosure,  modification,  or  destruction  of  ADP  systems  and  data, 
and  denial  of  service  to  process  data.  ADP  security  includes  consideration  of 
all  hardware/software  functions,  characteristics,  and/or  features;  operational 
procedures,  accountability  procedures,  and  access  controls  at  the  central 
computer  facility,  remote  computer,  and  terminal  facilities;  management 
constraints;  physical  structures  and  devices;  and  personnel  and  communication 
controls  needed  to  provide  an  acceptable  level  of  risk  for  the  ADP  system  and 
for  the  data  or  information  contained  in  the  system. 

ADP  SYSTEM  An  assembly  of  computer  hardware,  firmware,  telecommunications, 
interconnections  with  other  ADP  equipment  (e.g.,  networks),  and  the  entire 
collection  of  software  that  is  executed  on  that  hardware.  Included  in  this 
definition  are  word  processors,  microprocessors,  personal  computers, 
controllers,  automated  office  support  systems  (AOSS),  or  other  stand-alone  or 
special  computer  systems. 

ADP  SYSTEM  SECURITY  Includes  all  hardware/software  functions,  characteristics, 
and  features,  operational  procedures,  accountability  procedures,  and  access 
controls  at  the  central  computer  facility,  remote  computer  and  terminal 
facilities,  and,  the  management  constraints,  physical  structures,  and  devices; 
personnel  and  communication  controls  needed  to  provide  an  acceptable  level  of 
protection  for  classified  material  to  be  contained  in  the  computer  system. 

ANNUAL  LOSS  EXPECTANCY  (ALE)  The  ALE  of  an  ADP  system  or  activity  is  the 
expected  yearly  dollar  value  loss  from  the  harm  to  the  system  or  activity  by 
attacks  against  its  assets. 

APPLICATION  SOFTWARE  (FUNCTIONAL)  Routines  and  programs  designed  by,  or  for 
system  users  and  customers.  Through  the  use  of  available  automated  system 
equipment  and  basic  software,  application  software  completes  specific,  mission- 
oriented  tasks,  jobs,  or  functions.  It  can  be  either  general  purpose  packages, 
such  as  demand  deposit  accounting,  payroll,  machine  tool  control,  and  so  forth, 
or  specific  application  programs  tailored  to  complete  a single  or  limited 
number  of  user  functions,  for  example,  base-level  personnel,  depot  maintenance, 
missile  or  satellite  tracking,  and  so  forth.  Except  for  general  purpose 
packages  that  are  acquired  directly  from  software  vendors  or  from  the  original 
equipment  manufacturers,  this  type  of  software  is  generally  developed  by  the 
user  either  with  in-house  resources  or  through  contract  services. 

APPROVAL  TO  OPERATE  Concurrence  by  the  DAA  that  a satisfactory  level  of 
security  has  been  provided  (minimum  requirements  are  met  and  there  is  an 
acceptable  level  of  risk).  It  authorizes  the  operation  of  an  automated  system 
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or  network  at  a computer  facility.  Approval  results  from  an  analysis  of  the 
computer  facility,  automated  system,  and  automatic  data  system  certifications 
and  the  operational  environment  of  the  automated  system  entity  by  the  DAA.  See 
ACCREDITATION. 

AUDIT  TRAIL  A chronological  record  of  system  activities  which  is  sufficient  to 
enable  the  reconstruction,  review,  and  examination  of  the  sequence  of 
environments  and  activities  surrounding  or  leading  to  an  operation,  a 
procedure,  or  an  event  in  the  path  of  a transaction  from  its  inception  to 
output  of  final  results. 

AUTHENTICATION  The  act  of  identifying  or  verifying  the  eligibility  of  a 
station,  originator,  or  individual  to  access  information.  This  measure  is 
designed  to  provide  protection  against  fraudulent  transmissions  by  establishing 
the  validity  of  a transmission,  message,  station,  or  originator. 

AUTHORIZATION  The  privilege  granted  to  an  individual  by  a designated  official 
to  access  information  based  upon  the  individual’s  clearance  and  need-to-know. 

AUTOMATED  SYSTEM  SECURITY  All  security  features  needed  to  provide  an 
acceptable  level  of  protection  for  hardware;  software;  and  classified, 
sensitive  unclassified  or  critical  data,  material,  or  processes  in  the  system. 
It  includes:  all  hardware  and  software  functions,  characteristics  and 
features,  operational  procedures,  accountability  procedures,  access  controls  at 
all  computer  facilities,  (includes  those  housing  mainframes,  terminals, 
minicomputers,  or  microcomputers),  management  constraints,  physical  protection, 
control  of  compromising  emanations  (TEMPEST),  personnel  and  communications 
security  (COMSEC),  and  other  security  disciplines. 

AVAILABILITY  That  computer  security  characteristic  that  ensures  the  computer 
resources  will  be  available  to  authorized  users  when  they  need  them.  This 
characteristic  protects  against  denial  of  service. 

BACKUP  OR  REDUNDANCY  The  provision  of  facilities,  logical  or  physical,  to 
speed  the  process  of  Restart  and  Recovery  following  failure.  Such  facilities 
might  include  duplicated  files  or  transactions,  periodic  dumping  of  core  or 
backing  storage  contents,  duplicated  processors,  storage  devices,  terminals  or 
telecommunications  hardware,  and  the  switches  to  effect  a changeover. 

BACKUP  PROCEDURES  The  provisions  made  for  the  recovery  of  data  files  and 
program  libraries,  and  for  restart  or  replacement  of  ADP  equipment  after  a 
system  failure  or  disaster. 

BASE  AND  BOUNDS  REGISTERS  Identify  upper  and  lower  limits  of  a protected  area 
to  restrict  access  to  other  areas. 

BASELINE  SECURITY  REQUIREMENTS  A description  of  minimum  requirements 
provided  for  a system  to  maintain  an  acceptable  level  of  security.  The  baseline 
does  not  necessarily  constitute  one  document  but  may  be  an  accumulation  of  the 
security  requirements  stated  in  several  documents. 

BIOMETRIC  The  use  of  specific  quantities  that  reflect  unique  personal 
characteristics  (such  as  a fingerprint,  an  eye  blood  vessel  print,  or  a voice 
print)  to  validate  the  identity  of  users. 
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BROWSING  An  unstructured  search  through  storage  in  hope  of  obtaining  otherwise 
inaccessible  information. 

CALL  BACK  A procedure  for  identifying  a terminal  dialing  into  a system  by 
disconnecting  the  caller  and  reestablishing  the  connection  by  the  computer 
system  dialing  the  telephone  number  of  the  calling  terminal.  Synonymous  with 
DIAL  BACK. 

CERTIFICATION  A statement  that  specifies  the  extent  to  which  the  security 
measures  meet  specifications.  Certification  is  based  on  the  results  of  the  risk 
assessment  and  security  tests  performed.  It  does  not  necessarily  imply  a 
guarantee  that  the  described  system  is  impenetrable. 

CHAIN  OF  CUSTODY  CONTROLS  Measures  implemented  to  control  the  chain  of  custody 
for  hardware  or  software  from  manufacturer,  through  the  logistic  support 
system,  down  to  the  user  site  to  ensure  that  no  modification  or  tampering  can 
take  place. 

CHECKSUMS  A digit  added  to  each  number  in  a coding  system  which  allows  for 
detection  of  errors  in  the  recording  of  the  code  numbers.  Through  the  use  of 
the  check  digit  and  a predetermined  mathematical  formula,  recording  errors  such 
as  digit  reversal  can  be  noted.  Synonymous  with  parity  bit. 

CHOKE  PACKETS  Packet  sent  to  sender  to  advise  sender  to  reduce  the  traffic 
sent  to  a specific  destination  by  X percent. 

CLASSIFIED  COMPUTER  SECURITY  PROGRAM  All  of  the  technological  safeguards  and 
managerial  procedures  established  and  applied  to  facilities  and  ADP  systems 
(including  ADP  computer  hardware,  software,  and  data)  in  order  to  ensure  the 
protection  of  classified  information. 

CLEARING  The  overwriting  of  classified  information  on  magnetic  media  such  that 
the  media  may  be  reused.  This  does  not  lower  the  classification  level  of  the 
media. 

CLEARING  MAGNETIC  MEDIA  A procedure  used  to  erase  the  sensitive  or  classified 
information  stored  on  the  media,  but  lacking  the  totality  of  a declassification 
procedure. 

COMMUNICATIONS  SECURITY,  (COMSEC)  The  protection  resulting  from  all  measures 
designed  to  deny  unauthorized  persons  information  of  value  which  might  be 
derived  from  the  possession  and  study  of  telecommunications,  or  to  mislead 
unauthorized  persons  in  their  interpretation  of  the  results  of  such  possession 
and  study.  Also  called  COMSEC.  Communications  security  includes 
cryptosecurity,  transmission  security,  emission  security,  and  physical  security 
of  communications  security  materials  and  information. 

COMMUNITY  OF  INTEREST  SEPARATION  Security  control  mechanism  which  provides  for 
the  creation  of  logical  subnets  with  disjoint  non-hierarchical  mandatory  access 
control  categories,  and  protection  of  control  information  from  active 
wiretapping. 

COMPARTMENTALIZATION  The  isolation  of  the  operating  system,  user  programs,  and 
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data  files  from  one  another  in  main  storage  in  order  to  provide  protection 
against  unauthorized  or  concurrent  access  by  other  users  or  programs.  This 
term  also  refers  to  the  division  of  sensitive  data  into  small,  isolated  blocks 
for  the  purpose  of  reducing  risk  to  the  data. 

COMPARTMENTED  MODE  SECURITY  The  mode  of  operation  which  allows  the  system  to 
process  two  or  more  types  of  compartmented  information  (information  requiring  a 
special  authorization)  or  any  one  type  of  compartmented  information  with  other 
than  compartmented  information.  In  this  mode,  all  system  users  need  not  be 
cleared  for  all  types  of  compartmented  information  processed,  but  must  be  fully 
cleared  for  at  least  Top  Secret  information  for  unescorted  access  to  the 
computer. 

COMPROMISE  An  unauthorized  disclosure  or  loss  of  sensitive  information  that 
may  result  in  its  unauthorized  disclosure,  modification,  or  destruction. 

COMPUTER  ABUSE  Willful  or  negligent  unauthorized  activity  that  affects  the 
availability,  confidentiality,  or  integrity  of  computer  resources.  Computer 
abuse  includes  fraud,  embezzlement,  theft,  malicious  damage,  unauthorized  use, 
denial  of  service,  and  misappropriation.  Levels  of  computer  abuse  are: 

Minor  abuse  - acts  that  represent  management  problems,  such  as,  printing 
calendars  or  running  games,  that  do  not  impact  system  availability  for 
authorized  applications; 

Major  abuse  - unauthorized  use  (possibly  criminal),  denial  of  service,  and 
multiple  instances  of  minor  abuse  to  include  waste; 

Criminal  act  - fraud,  embezzlement,  theft,  malicious  damage, 
misappropriation,  conflict  of  interest,  and  unauthorized  access  to 
classified  data. 

COMPUTER  FACILITY  Physical  resources  that  include  structures  or  parts  of 
structures  to  house  and  support  capabilities.  For  small  computers,  stand-alone 
systems,  and  word  processing  equipment,  it  is  the  physical  area  where  the 
computer  is  used. 

COMPUTER  FRAUD  Computer-related  crimes  involving  misrepresentation  or 
alteration  of  data  in  order  to  obtain  something  of  value  (usually  for  monetary 
gain).  A computer  system  must  have  been  involved  in  the  perpetration  or  cover- 
up  of  the  act,  or  series  of  acts.  A computer  system  might  have  been  involved 
through  improper  manipulation  of  (1)  input  data;  (2)  output  or  results;  (3) 
applications  programs;  (4)  data  files;  (5)  computer  operations;  (6) 
communications;  or  (7)  computer  hardware,  systems  software,  or  firmware. 

COMPUTER  NETWORK  A complex  consisting  of  two  or  more  interconnected  computers. 

COMPUTER  SECURITY  The  protection  of  the  information  and  physical  assets  of  a 
computer  system.  The  protection  of  information  aims  to  prevent  the 
unauthorized  disclosure,  manipulation,  destruction  or  alteration  of  data.  The 
protection  of  physical  assets  implies  security  measures  against  theft, 
destruction  or  misuse  of  equipment,  i.e.,  processors,  peripherals,  data  storage 
media,  communication  lines  and  interfaces. 
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CONFIGURATION  MANAGEMENT  The  management  of  changes  made  to  a system’s 
hardware,  software,  firmware,  and  documentation  throughout  the  development  and 
operational  life  of  the  system. 

CONTINGENCY  PLAN(S)  A plan  for  emergency  response,  backup  operations,  and 
post-disaster  recovery  maintained  by  an  ADP  activity  as  a part  of  its  security 
program.  A comprehensive,  consistent  statement  of  all  the  actions  to  be  taken 
before,  during,  and  after  a disaster,  along  with  documented,  tested  procedures 
that,  if  followed,  will  ensure  the  availability  of  critical  resources  and  that 
will  facilitate  maintaining  the  continuity  of  operations  in  an  emergency 
situation. 

CONTROLLED  AREA  An  area  or  space  to  which  access  is  physically  controlled. 

CONTROLLED  SECURITY  MODE  An  automated  system  is  operating  in  the  controlled 
security  mode  when  at  least  some  users  with  access  to  the  system  have  neither 
the  required  security  clearance  nor  a need-to-know  for  all  classified  material 
contained  in  the  system.  However,  the  separation  and  control  of  users  and 
classified  material  are  not  accomplished  by  the  operating  system  as  in  the 
Multilevel  Security  Mode.  Instead,  it  is  accomplished  by  the  implementation  of 
security  measures  which  reduce  or  eliminate  most  system  software 
vulnerabilities. 

CONTROLLED  SPACE  The  three-dimensional  space  surrounding  equipment  that 
processes  national  security  information  within  which  unauthorized  personnel  are 
1)  denied  unrestricted  access  and  2)  enter  escorted  by  authorized  personnel  or 
under  continual  physical  or  electronic  surveillance. 

COUNTERMEASURE  Any  action,  device,  procedure,  technique,  or  other  measure  that 
reduces  the  vulnerability  of  a system  (e.g.,  hardware,  software,  personnel, 
physical,  communications  or  administrative). 

CROSSCHECK  OR  SUMMARY  RECONCILIATION  This  control  involves  the  periodic 
exchange  of  reports  between  communicating  terminals  of  message  types  and  counts 
received  for  comparison.  Also,  end-of-day  totals  for  all  traffic  may  be 
summed  across  terminals  for  comparison  to  ensure  that  they  equal  the  system 
message  count  maintained  in  a separate  register. 

DATA  INTEGRITY  The  state  that  exists  when  computerized  data  is  the  same  as 
that  in  the  source  documents  and  has  not  been  exposed  to  accidental  or 
intentional  modification,  disclosure,  or  destruction. 

DEDICATED  SECURITY  MODE  The  mode  of  operation  in  which  the  system  is 
specifically  and  exclusively  dedicated  to  and  controlled  for  the  processing  of 
one  particular  type  or  classification  of  information,  either  for  full-time 
operation  or  for  a specified  period  of  time.  In  this  mode,  all  users  have  the 
clearance,  formal  access  approval,  and  need-to-know  for  all  data  handled  by  the 
system. 

DENIAL  OF  SERVICE  Action  or  actions  that  prevent  any  part  of  a system  from 
functioning  in  accordance  with  its  intended  purpose.  This  includes  any  action 
that  causes  the  unauthorized  destruction,  modification,  or  delay  of  service. 

DESIGNATED  APPROVING  AUTHORITY  (DAA)  A designated  official  who  has  the 
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authority  and  the  responsibility  to  make  the  management  decision  to  accept  or 
not  accept  the  security  safeguards  prescribed  for  an  ADP  system(s)  or  network 
and  for  issuing  an  accreditation  statement  that  records  the  decision  to  accept 
those  safeguards. 

DIGITAL  SIGNATURES  Digital  signatures  allow  a recipient  of  a data  unit  to 
prove  the  source  and  integrity  of  the  data  unit  and  protect  against  forgery, 
for  example,  by  the  recipient.  A digital  signature  is  created  by  appending 
data  to,  or  performing  a cryptographic  transformation  of,  a data  unit. 

DISCRETIONARY  PROTECTION  Access  control  that  identifies  individual  users  and 
their  need-to-know  and  limits  users  to  the  information  that  they  are  allowed  to 
see.  It  is  used  on  systems  that  process  information  with  the  same  level  of 
sensitivity. 

EMISSION  SECURITY,  (EMSEC)  That  component  of  communications  security  which 
results  from  all  measures  taken  to  deny  unauthorized  persons  information  of 
value  which  might  be  derived  from  intercept  and  analysis  of  compromising 
emanations  from  crypto-equipment  and  telecommunications  systems. 

ENCRYPTION  Transforming  a text  into  code  in  order  to  conceal  its  meaning. 
End-to-End  Encryption:  Encryption  of  information  at  the  origin  within  a 
communications  network  and  postponing  decryption  to  the  final  destination 
point.  Line  Encryption:  The  application  of  on-line  crypto-operations  to  a 
link  of  a communications  system  so  that  all  information  passing  over  the  link 
is  encrypted. 

END-TO-END  ENCRYPTION  Encipherment  of  data  within  or  at  the  source  end  system, 
with  the  corresponding  decipherment  occurring  only  within  or  at  the  destination 
end  system. 

ERASURE  A process  by  which  a signal  recorded  on  magnetic  media  is  removed. 
Erasure  is  accomplished  in  two  ways:  (1)  by  alternating  current  erasure,  the 
information  is  destroyed  by  applying  an  alternating  high/low  current  to  the 
media,  or  (2)  by  direct  current  erasure,  the  media  are  saturated  by  applying  a 
unidirectional  current. 

ERROR  DETECTING  AND  CORRECTING  A system  employing  an  error  detecting  code  and 
so  arranged  that  a signal  detected  as  being  in  error  automatically  initiates  a 
request  for  retransmission. 

ERROR  RECOVERY  Mechanisms  that  allow  the  recovery  from  transmission  errors, 
node  failures,  invalid  protocol  usage,  traffic  jams,  missing  packets,  and 
disrupted  sessions. 

ESCORT(S)  Duly  designated  personnel  who  have  appropriate  clearances  and  access 
authorizations  for  the  material  contained  in  the  system  and  are  sufficiently 
knowledgeable  to  understand  the  security  implications  of  and  to  control  the 
activities  and  access  of  the  individual  being  escorted. 

EVALUATED  PRODUCTS  LIST,  (EPL)  A documented  inventory  of  commercially 
available  trusted  computer  hardware  and  software  that  has  been  evaluated  against  the 
Department  of  Defense  Trusted  Computer  System  Evaluation  Criteria  by  the 
National  Computer  Security  Center. 
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EVENT  DETECTION  AND  HANDLING  Mechanisms  that  provide  for  the  identification  of 
specific  events  or  situations  and  initiate  appropriate  action  upon  detection  of 
the  event  or  situation. 

EXECUTION  DOMAINS  Processor  is  divided  into  states  to  provide  isolation 
support.  A two  state  processor  has  a user  state  and  a supervisor  state. 
Supervisor  state  has  more  privileges  than  user  state.  Multiple  state  machines 
may  use  multiple  execution  domains.  The  program  executing  in  an  inner  level 
has  free  use  of  the  instructions  in  the  outer  level  state;  however,  a program 
executing  in  the  outer  level  does  not  have  use  of  the  instructions  in  the  inner 
level.  CPU  knows  which  domain  is  in  control  and  only  operations  specified  as 
allowable  can  take  place. 

FAULT  TOLERANCE  Mechanisms  that  provide  a capability  to  deal  with  network 
failures  and  to  maintain  continuity  of  operations  of  a network  including  the 
following  features:  error/fault  detection,  fault  treatment,  damage  assessment, 
error/failure  recovery,  component/segment  crash  recovery,  and  whole  network 
crash  recovery. 

FILE  PROTECTION  The  aggregate  of  all  processes  and  procedures  established  in 
an  automated  system  and  designed  to  inhibit  unauthorized  access,  contamination, 
or  elimination  of  a file. 

FIRMWARE  Software  that  is  permanently  stored  in  a hardware  device  which  allows 
reading  of  the  software  but  not  writing  or  modifying.  The  most  common  device 
for  firmware  is  read  only  memory  (ROM). 

FLOW  CONTROL  Mechanism  that  requires  sender  to  stop  sending  at  some  point  and 
wait  for  an  explicit  go-ahead  message,  or  permit  the  receiver  to  simply  discard 
messages  at  will. 

FOR  OFFICIAL  USE  ONLY  (FOUO)  DATA  Data  that  is  unclassified  official 
information  of  a sensitive,  proprietary,  or  personal  nature  which  must  be 
protected  against  unauthorized  public  release. 

HACKER  Originally,  a computer  enthusiast  who  spent  significant  time  learning 
the  functions  of  the  computer  without  benefit  of  formal  training  (and  often 
without  the  technical  manuals)  by  trying  combinations  of  commands  at  random  to 
determine  their  effect.  Common  usage  today  is  from  the  press,  which  uses  the 
word  to  describe  people  who  "break  into"  computers  for  various  purposes. 

HANDSHAKING  A preliminary  exchange  of  predetermined  signals  performed  by 
modems  and/or  terminals  and  computers  to  verify  that  communication  has  been 
established  and  can  proceed. 

HANDSHAKING  PROCEDURES  A dialogue  between  a user  and  a computer,  a computer 
and  another  computer,  a program  and  another  program  for  the  purpose  of 
identifying  a user  and  authenticating  identity.  A sequence  of  questions  and 
answers  is  used  based  on  information  either  previously  stored  in  the  computer 
or  supplied  to  the  computer  by  the  initiator  of  the  dialogue. 

HARDWARE  The  electric,  electronic,  and  mechanical  equipment  used  for 
processing  data. 

HARDWARE PROTOCOL VERIFICATION Hardware protocol verification can be applied
to help ensure that the host is in contact with the right terminal (the one it
thinks  it  is).  The  terminal  identity  can  be  made  software  invariant  by 
storing  it  in  a chip  from  where  it  is  taken  to  answer  a poll  or  select. 

IMPERSONATION  An  attempt  to  gain  access  to  a system  by  posing  as  an 
authorized  user.  Synonymous  with  MASQUERADING  and  MIMICKING. 

INFORMATION  RESOURCES  MANAGEMENT  The  planning,  budgeting,  organizing, 
directing,  training,  and  control  associated  with  government  information.  The 
term  encompasses  both  information  itself  and  the  related  resources,  such  as 
personnel,  equipment,  funds,  and  technology. 

INFORMATION  SECURITY  The  result  of  any  system  of  policies  and  procedures  for 
identifying,  controlling,  and  protecting  from  unauthorized  disclosure, 
information  whose  protection  is  authorized  by  executive  order  or  statute. 

INFORMATION  SYSTEMS  SECURITY  The  protection  afforded  to  information  systems  in 
order  to  preserve  the  availability,  integrity,  and  confidentiality  of  the 
systems  and  information  contained  within  the  systems.  Such  protection  is  the 
application  of  the  combination  of  all  security  disciplines  which  will,  at  a 
minimum,  include  COMSEC,  TEMPEST,  computer  security,  OPSEC,  information 
security,  personnel  security,  industrial  security,  resource  protection,  and 
physical  security. 

INTEGRITY  That  computer  security  characteristic  that  ensures  that  computer 
resources  operate  correctly  and  that  the  data  in  the  data  bases  are  correct. 
This  characteristic  protects  against  deliberate  or  inadvertent  unauthorized 
manipulation  of  the  system  and  ensures  and  maintains  the  security  of  entities 
of  a computer  system  under  all  conditions. 

INTELLIGENCE  INFORMATION  Classified  information  defined  as  intelligence 
information  by  Director  of  Central  Intelligence  Directive  1/16. 

INTERIM  APPROVAL  The  temporary  authorization  granted  an  information  system  to 
process  sensitive  or  classified  information  based  on  preliminary  results  of  a 
comprehensive  security  evaluation  of  the  information  system. 

INTERNAL  CONTROLS  The  plan  of  organization  and  all  of  the  methods  and  measures 
adopted  within  an  agency  to  safeguard  its  resources,  assure  the  accuracy  and 
reliability  of  its  information,  assure  adherence  to  applicable  laws, 
regulations  and  policies,  and  promote  operational  economy  and  efficiency. 

INTERNAL  CONTROL  DOCUMENTATION  Written  policies,  organization 
charts, procedural  write-ups,  manuals,  memoranda,  flowcharts,  decision  tables, 
completed  questionnaires,  software,  and  related  written  materials  used  to 
describe  the  internal  control  methods  and  measures,  to  communicate 
responsibilities  and  authorities  for  operating  such  methods  and  measures,  and 
to  serve  as  a reference  for  persons  reviewing  the  internal  controls  and  their 
functioning. 

KEY  In  cryptography,  a symbol  or  sequence  of  symbols  (or  electrical  or 
mechanical  correlates  of  symbols)  which  control  the  operations  of  encryption 
and decryption.

KEY  MANAGEMENT  Specific  manual  and  computer  procedures  for  the  generation, 
dissemination,  replacement,  storage,  archive,  and  destruction  of  secret  keys 
that  control  encryption  or  authentication  processes. 

LABEL  A piece  of  information  that  represents  the  security  level  of  an  object 
and  that  describes  the  sensitivity  of  the  information  in  the  object. 

LEAST  PRIVILEGE  The  principle  that  requires  that  each  subject  be  granted  the 
most  restrictive  set  of  privileges  needed  for  the  performance  of  authorized 
tasks.  The  application  of  this  principle  limits  the  damage  that  can  result  from 
accident,  error,  or  unauthorized  use. 

LIMITED  ACCESS  SECURITY  MODE  The  type  of  data  being  processed  is  categorized 
as  unclassified  and  requires  the  implementation  of  special  access  controls  to 
restrict  the  access  to  the  data  only  to  individuals  who  by  their  job  function 
have  a need  to  access  the  data. 

LIVENESS CHECKS Verification that a network component(s) is functioning
properly. 

LOCKS  AND  KEYS  MEMORY  PROTECTION  Locks  (identifiers  assigned  to  areas  of  real 
memory)  restrict  access  to  memory  by  requiring  that  the  user  or  programmer 
supply  the  key  to  unlock  memory  and  allow  access. 

LOGIC  BOMB  A resident  computer  program  that,  when  executed,  checks  for 
particular  conditions  or  particular  states  of  the  system,  which  when  satisfied 
triggers  the  perpetration  of  an  unauthorized  act. 

LOGOFF/LOG  OFF  Procedure  used  to  terminate  connections. 

LOGON/LOG  ON  Procedure  used  to  establish  the  identity  of  the  user,  and  the 
levels  of  authorization  and  access  permitted. 

LOOPHOLE  An  error  of  omission  or  oversight  in  software  or  hardware  that 
permits  circumventing  the  access  control  process. 

MALICIOUS  LOGIC  Hardware,  software,  or  firmware  that  is  intentionally  included 
in  a system  for  an  unauthorized  purpose.  An  example  is  a Trojan  horse. 

MANDATORY  ACCESS  CONTROL  SECURITY  MODE  A means  of  restricting  access  to 
objects based on the sensitivity (as represented by a label) of the information
contained  in  the  objects  and  the  formal  authorization  (i.e.,  clearance)  of 
subjects  to  access  information  of  such  sensitivity. 

MARKING  The  process  of  placing  a sensitivity  designator  (e.g.,  "confidential") 
with  data  such  that  its  sensitivity  is  communicated.  Marking  is  not  restricted 
to  the  physical  placement  of  a sensitivity  designator,  as  might  be  done  with  a 
rubber  stamp,  but  can  involve  the  use  of  headers  for  network  messages,  special 
fields  in  databases,  etc. 

MASQUERADING  An  attempt  to  gain  access  to  a system  by  posing  as  an  authorized 
user.  Synonymous  with  MIMICKING  and  IMPERSONATION. 

MEDIA The peripheral devices (physical components) used for the storage of
data,  such  as  tape  reels,  floppy  diskettes,  etc. 

MOCKINGBIRD  A computer  program  or  process  which  mimics  the  legitimate  behavior 
of  a normal  system  feature  (or  other  apparently  useful  function)  but  performs 
malicious  activities  once  invoked  by  the  user. 

MODES  OF  OPERATION  The  definition  of  the  security  environment  and  approved 
methods  of  operating  a system. 

MULTILEVEL  DEVICE  A device  that  is  used  in  a manner  that  permits  it  to 
simultaneously  process  data  of  two  or  more  security  levels  without  risk  of 
compromise.  To  accomplish  this,  sensitivity  labels  are  normally  stored  on  the 
same physical medium and in the same form (i.e., machine-readable or
human-readable) as the data being processed.

MULTILEVEL  SECURITY  MODE  A mode  of  operation  that  provides  a capability  for 
various levels and categories or compartments of data to be concurrently stored
and processed in an automated system and permits selective access to such
material concurrently by users who have differing security clearances and
need-to-know. Internal controls, as well as personnel, physical, and administrative
controls,  separate  users  and  data  on  the  basis  of  security  clearance.  The 
internal  security  controls  must  be  thoroughly  demonstrated  to  be  effective  in 
preventing  unauthorized  access  to  information. 

NATIONAL  SECURITY  DECISION  DIRECTIVE  145  (NSDD-145)  Signed  by  President  Reagan 
on  17  September  1984,  this  directive  is  entitled,  "National  Policy  on 
Telecommunications  and  Automated  Information  Systems  Security."  It  provides 
initial  objectives,  policies,  and  an  organizational  structure  to  guide  the 
conduct  of  national  activities  toward  safeguarding  systems  that  process,  store, 
or  communicate  sensitive  information;  establishes  a mechanism  for  policy 
development;  and  assigns  implementation  responsibilities. 

NEED-TO-KNOW  The  necessity  for  access  to,  knowledge  of,  or  possession  of 
certain  information  required  to  carry  out  official  duties.  Responsibility  for 
determining  whether  a person’s  duties  require  that  possession  of  or  access  to 
such  information  and  whether  the  individual  is  authorized  to  receive  it  rests 
upon  the  individual  having  current  possession,  knowledge,  or  control  of  the 
information involved and not upon the prospective recipient(s).

NETWORK  A communications  medium  and  all  components  attached  to  that  medium 
that  are  responsible  for  the  transfer  of  information.  Such  components  may 
include  ADP  systems,  packet  switches,  telecommunications  controllers,  key 
distribution  centers,  technical  control  devices,  and  other  networks. 

NETWORK  FRONT  END  A device  that  implements  the  necessary  network  protocols, 
including  security  related  protocols,  to  allow  a computer  system  to  be  attached 
to  a network. 

NETWORK  WEAVING  Network  weaving  is  a technique  using  different  communication 
networks  to  gain  access  to  an  organization’s  system.  For  example,  a 
perpetrator  [...]  makes  a call  through  AT&T,  jumps  over  to  Sprint,  then  to  MCI, 
and  then  to  Tymnet.  The  purpose  is  to  avoid  detection  and  trace-backs  to  the 
source of the call.

NOFORN  No  foreign  dissemination.  This  term  indicates  that  the  information 
contained  in  the  document  must  not  be  released  to  foreign  nationals. 

NOTARIZATION  The  registration  of  data  with  a trusted  third  party  that  allows 
the  later  assurance  of  the  accuracy  of  its  characteristics  such  as  content, 
origin,  time  and  delivery. 

OPERATIONS  SECURITY  (OPSEC)  The  process  of  denying  adversaries  information 
about  friendly  capabilities  and  intentions  by  identifying,  controlling,  and 
protecting  indicators  associated  with  planning  and  conducting  military 
operations  and  other  activities. 

OVERWRITE  PROCEDURE  A procedure  to  remove  or  destroy  data  recorded  on  ADP 
magnetic  storage  media  by  recording  patterns  of  unclassified  data  over  or  on 
top  of  the  data  stored  on  the  media. 

OWNER  OF  DATA  The  individual  or  group  that  has  responsibility  for  specific 
data  types,  and  that  is  charged  with  the  communication  of  the  need  for  certain 
security-related  handling  procedures  to  both  the  users  and  custodians  of  this 
data. 

PARTITIONED  SECURITY  MODE  A mode  of  operation  wherein  all  personnel  have  the 
clearance  but  not  necessarily  formal  access  approval  (need-to-know)  for  all 
information  handled  by  the  system.  This  encompasses  the  Compartmented  Security 
Mode. 

PASSWORD  A protected  word,  phrase  or  string  of  symbols  that  is  used  to 
authenticate  the  identity  of  a user. 

PASSWORD  SYSTEM  A part  of  an  ADP  system  that  is  used  to  authenticate  a user’s 
identity.  Assurance  of  unequivocal  identification  is  based  on  the  user’s 
ability  to  enter  a private  password  that  no  one  else  should  know. 

PENETRATION  The  successful  unauthorized  access  to  an  automated  system. 

PENETRATION  TESTING  The  use  of  teams  consisting  of  data  processing, 
communications,  and  security  specialists  to  attempt  to  penetrate  a system  for 
the  purpose  of  identifying  any  security  weaknesses. 

PERIODS  PROCESSING  Intervals  of  time  when  security  environments  are 
temporarily  established  for  processing  information.  For  example,  an  automated 
system  could  process  Top  Secret  in  the  dedicated  security  mode  during  one 
period,  both  Confidential  and  Secret  in  the  controlled  security  mode  in  a 
second  period,  and  only  unclassified  material  in  a third  period.  The  system  is 
purged  of  all  information  and  brought  to  a secure  state  when  transitioning  from 
one  period  to  the  next.  There  will  be  users  during  the  new  period  who  do  not 
have  clearance  and  need-to-know  for  information  processed  during  the  previous 
period. 

PERSONAL  DATA  Any  unique  data  used  in  the  system  of  records  to  locate  or 
retrieve  an  individual’s  record.  Information  subject  to  the  Privacy  Act  of 
1974. These data may include, but are not limited to, education, financial
transactions, medical history, qualifications, service data, criminal or
employment  history  which  ties  the  data  to  the  individual’s  name,  or  an 
identifying  number,  symbols,  or  other  identifying  particular  assigned  to  the 
individual,  such  as  a finger  or  voice  print  or  a photograph. 

PERSONNEL  SECURITY  The  procedures  established  to  ensure  that  all  personnel  who 
have  access  to  any  classified  or  sensitive  information  have  the  required 
authorizations  and  the  appropriate  clearances. 

PHYSICAL CONTROL SPACE/PHYSICALLY CONTROLLED SPACE (PCS) The spherical space
surrounding  electronic  equipment  used  to  process  information  which  is  under 
sufficient  physical  control  to  stop  intercept  of  compromising  emanations.  It 
is  usually  expressed  in  meters  and  can  be  controlled  by  fences,  guards, 
patrols,  walls,  and  so  forth.  The  exact  method  of  securing  the  PCS  may  vary 
depending  upon  resources  available. 

PHYSICAL  SECURITY  The  use  of  locks,  guards,  badges,  alarms,  and  similar 
measures  (alone  or  in  combination)  to  control  access  to  the  classified  ADP 
facility,  system  and  related  equipment  and  to  protect  them  from  espionage, 
theft,  misuse,  abuse,  or  damage. 

PIGGYBACK The gaining of unauthorized access to a system via another user’s
legitimate  connection. 

PREFERRED  PRODUCTS  LIST  (PPL)  A list  of  commercially  produced  equipments  that 
meet  TEMPEST  and  other  requirements  prescribed  by  NSA. 

PRIORITY INDICATOR A group of characters that indicate the relative urgency
of  a message  and  thus  its  order  of  transmission. 

PRIVACY  PROTECTION  The  establishment  of  appropriate  administrative,  technical, 
and  physical  safeguards  to  ensure  the  security  and  confidentiality  of  data 
records  and  to  protect  both  security  and  confidentiality  against  any 
anticipated  threats  or  hazards  that  could  result  in  substantial  harm, 
embarrassment,  inconvenience,  or  unfairness  to  any  individual  about  whom  such 
information  is  maintained. 

PROCEDURAL  SECURITY  The  management  constraints;  operational,  administrative, 
and  accountability  procedures;  and  supplemental  controls  established  to  provide 
protection  for  sensitive  and  classified  information. 

PROPRIETARY  DATA  Data  that  is  created,  used,  and  marketed  by  individuals  having 
exclusive  legal  rights. 

PROTECTED  DISTRIBUTION  SYSTEM  (PDS)  A telecommunications  system  to  which 
acoustical,  electrical,  electromagnetic  and  physical  safeguards  have  been 
applied  to  permit  its  use  for  secure  electrical  or  optical  transmission  of 
unencrypted  classified  information  or  sensitive  unclassified  information. 

PSEUDO-FLAW  An  apparent  loophole  deliberately  implanted  in  an  operating  system 
program  as  a trap  for  intruders. 

RECONFIGURATION Capability to reconfigure the network to provide network
software maintenance and program downloading to network nodes for software
distribution. Removing failed or faulty components and replacing them with
replacement components can isolate and/or confine network failures, accommodate
the addition and deletion of network components, and circumvent a detected
fault.

RECOVERY  PROCEDURES  The  actions  necessary  to  restore  a system’s  computational 
capability  and  data  files  after  a system  failure  or  penetration. 

RED/BLACK  ENGINEERING  The  concept  that  telecommunications  circuits, 
components,  equipment,  and  systems  which  handle  classified  plain-language 
information  in  electrical  signal  form  (RED)  be  separated  from  those  which 
handle  encrypted  or  unclassified  information  (BLACK). 

RELIABILITY  The  probability  of  a given  system  performing  its  mission 
adequately  for  a period  of  time  under  the  expected  operating  conditions. 

REMOTE  TERMINAL  AREA  Remote  computer  facilities,  peripheral  devices,  or 
terminals  which  are  located  outside  the  central  computer  facility. 

RESTRICTED  AREA  Any  area  to  which  access  is  subject  to  special  restrictions  or 
controls  for  reasons  of  security  or  safeguarding  of  property  or  material. 

RISK  The  probability  that  a particular  threat  will  exploit  a particular 
vulnerability  of  the  Automated  Information  System  or  telecommunications  system. 

RISK  ANALYSIS  An  analysis  of  system  assets  and  vulnerabilities  to  establish  an 
expected  loss  from  certain  events  based  on  estimated  probabilities  of 
occurrence. 

RISK  ASSESSMENT  A study  of  the  vulnerabilities,  threats,  likelihood,  loss  or 
impact,  and  effectiveness  of  security  measures.  Managers  use  the  results  of  a 
risk  assessment  to  identify  security  requirements  and/or  enhancements  over  the 
life  cycle  of  a system. 

RISK  MANAGEMENT  The  total  process  of  identifying,  controlling,  and  eliminating 
or  minimizing  uncertain  events  affecting  system  resources.  It  includes  risk 
assessment;  cost  benefit  analysis;  countermeasures  selection;  implementation; 
test,  and  evaluation;  and  overall  security  review. 

ROUTING  CONTROL  Routing  control  consists  of  applying  rules  to  the  routing 
process so as to choose or avoid specific networks, links, or relays.

SANITIZATION  The  elimination  of  classified  information  from  magnetic  media  to 
permit  the  reuse  of  the  media  at  a lower  classification  level  or  to  permit  the 
release  to  uncleared  personnel  or  personnel  without  the  proper  information 
access  authorizations. 

SANITIZE  To  erase  or  overwrite  classified  data  stored  on  magnetic  media  for 
the  purpose  of  declassifying  the  media. 

SECURE  OPERATING  SYSTEM  An  operating  system  that  effectively  controls  hardware 
and  software  functions  in  order  to  provide  the  level  of  protection  appropriate 
to  the  value  of  the  data  and  resources  managed  by  the  operating  system. 

SECURITY AREA A physically defined space containing classified matter
(documents or material) subject to physical protection and personnel access
controls.

SECURITY  GUARD  A special  purpose  device  used  to  separate  two  systems  or 
components  which  are  not  fully  trusted  to  communicate  securely. 

SECURITY  KERNEL  Software  designed  into  a system  that  monitors  all  access 
within  the  system  and  (in  theory)  cannot  be  tampered  with  or  bypassed. 

SECURITY  MODE  A secure  mode  of  operation  in  which  the  approving  authority 
accredits  a system  to  operate.  Inherent  with  each  of  the  security  modes  are 
restrictions on the user clearance levels, formal access requirements,
need-to-know requirements, and the range of sensitive information permitted on the
system. 

SECURITY SAFEGUARDS The protective measures and controls that are prescribed
to meet the security requirements specified for an AIS. Those safeguards may
include but are not necessarily limited to: hardware and software security
features, operations procedures, accountability procedures, access and
distribution controls, management constraints, personnel security, physical
structures, areas, and devices.

SECURITY  TEST  AND  EVALUATION  (ST&E)  An  examination  and  analysis  of  the 
security  safeguards  of  an  AIS  as  they  have  been  applied  in  an  operational 
environment  to  determine  the  security  posture  of  the  AIS. 

SENSITIVE COMPARTMENTED INFORMATION (SCI) Intelligence information requiring
special  controls  indicating  restricted  handling. 

SENSITIVE  UNCLASSIFIED  INFORMATION  AND  DATA  Sensitive  unclassified 
information  is  plain  text  or  machine  encoded  data  requiring  protection  because 
of  statutory  or  regulatory  restrictions  and/or  because  of  the  magnitude  of  loss 
or  harm  that  could  result  from  inadvertent  or  deliberate  disclosure, 
alteration,  or  destruction  of  the  information  (e.g.,  personal  data,  proprietary 
information,  mission  essential  information,  sensitive  energy  information, 
sensitive  financial/supply  data,  risk  or  vulnerability  assessment  data, 
security  program  related  information,  any  data  not  releasable  under  the  Freedom 
of  Information  Act,  and  other  unclassified  information,  the  loss  of  which  could 
adversely  affect  the  vital  interest  of  the  United  States). 

SEQUENCE  NUMBERING  The  numerical  ordering  of  all  traffic  in  the  network  to 
protect  against  duplication  or  loss  of  messages  on  the  line  as  well  as 
insertion  of  a false  message  into  a circuit  by  an  intruder  simulating  the 
identity  of  an  authorized  user. 

SOFTWARE  SECURITY  Those  general  purpose  (executive,  utility,  or  software 
development  tools)  and  applications  programs,  and  routines  which  protect  data 
handled  by  an  ADP  system  and  its  resources. 

SPOOFING  The  deliberate  act  of  inducing  a user  or  a resource  into  taking  an 
incorrect  action. 

STAND  ALONE,  SINGLE-USER  SYSTEM  A system  that  is  physically  and  electrically 
isolated from all other systems, and is intended to be used by one person at a
time,  with  no  data  belonging  to  other  users  remaining  in  the  system  (e.g.,  a 
personal  computer  with  removable  storage  media  such  as  a floppy  disk). 

SYNCHRONIZED  CLOCKS  Mechanism  that  may  be  used  to  provide  "liveness"  assurance 
in  support  of  authentication. 

SYSTEM  An  assembly  of  computer  hardware,  software,  or  firmware  configured  for 
the  purpose  of  classifying,  sorting,  calculating,  computing,  summarizing, 
transmitting  and  receiving,  storing,  controlling  or  receiving  data  with  a 
minimum  of  human  intervention. 

SYSTEM  HIGH  SECURITY  MODE  The  mode  of  operation  in  which  the  computer  system 
and  all  of  its  connected  peripheral  devices  and  remote  terminals  are  protected 
in  accordance  with  the  requirements  for  the  highest  security  level  of  material 
contained  in  the  system  at  that  time.  All  personnel  having  access  to  the 
system  have  a security  clearance,  but  not  a need-to-know,  for  all  material  then 
contained  in  the  system. 

SYSTEM  INTEGRITY  The  state  that  exists  when  there  is  complete  assurance  that 
under  all  conditions  an  ADP  system  is  based  on  the  logical  correctness  and 
reliability  of  the  operating  system,  the  logical  completeness  of  the  hardware 
and  software  that  implement  the  protection  mechanisms,  and  data  integrity. 

SYSTEM SECURITY OFFICER (SSO) The person(s) responsible for ensuring
that security is provided for and implemented throughout the life cycle of an
AIS  from  the  beginning  of  the  concept  development  phase  through  its  design, 
development,  operation,  maintenance,  and  secure  disposal. 

TAGGED MEMORY Every word is tagged with some attribute such as mode, type, or
security level, which the CPU interprets to grant or deny access.

TELECOMMUNICATIONS  The  preparation,  transmission,  communication,  or  related 
processing  of  information  by  electrical,  electromagnetic,  electromechanical,  or 
electro-optical  means. 

TEMPEST  The  study  and  control  of  spurious  electronic  signals  emitted  by 
electrical  equipment. 

TEMPEST  CONTROL  ZONE  The  contiguous  space  which  surrounds  equipment  and 
distribution  systems  and  is  under  sufficient  physical  and  technical  control  to 
preclude  interception  of  compromising  emanations.  Sufficient  physical  and 
technical  control  is  the  degree  of  control  that  enables  the  security  forces 
responsible  for  protecting  a controlled  space  to  detect,  investigate  and  remove 
any  person  or  device  of  a suspicious  nature  which  is  detected  therein. 

THREAT  ADP  Any  circumstance  or  event  with  the  potential  to  cause  harm  to  the 
system  or  activity  in  the  form  of  destruction,  disclosure,  and  modification  of 
data,  or  denial  of  service.  A threat  is  a potential  for  harm.  The  presence  of 
a threat  does  not  mean  that  it  will  necessarily  cause  actual  harm.  Threats 
exist  because  of  the  very  existence  of  the  system  or  activity  and  not  because 
of  any  specific  weakness.  For  example,  the  threat  of  fire  exists  at  all 
facilities,  regardless  of  the  amount  of  fire  protection  available. 

TIME BOMB In computer security, a variant of the Trojan horse in which
malicious  code  is  inserted  to  be  triggered  later. 

TIME STAMPING Attaching a time indicator to a data unit in order to establish
the time sequence of data transmitted; it may also be used in conjunction with
encipherment to authenticate the validity of a data unit.

TRAFFIC  PADDING  Traffic  padding  involves  generating  spurious  instances  of 
communication,  spurious  data  units  and/or  spurious  data  within  data  units. 
Traffic  padding  may  be  used  to  provide  various  levels  of  protection  against 
traffic  analysis. 

TRAP  DOOR  A hidden  software  or  hardware  mechanism  that  permits  system 
protection mechanisms to be circumvented. It is activated in some
innocent-appearing manner (e.g., special "random" key sequence at a terminal).
Software developers often introduce trap doors in their code that enable them
to re-enter the system and perform certain functions.

TROJAN  HORSE  A computer  program  with  an  apparently  or  actually  useful  function 
that  contains  additional  (hidden)  functions  that  surreptitiously  exploit  the 
legitimate  authorizations  of  the  invoking  process  to  the  detriment  of  security 
or  integrity.  For  example,  making  a "blind  copy"  of  a sensitive  file  for  the 
creator  of  the  Trojan  horse. 

TRUSTED  PRODUCTS  Products  certified  by  Director,  NCSC  for  inclusion  on  the 
Evaluated  Products  List  (EPL). 

USER  ID  A unique  symbol  or  character  string  that  is  used  by  a system  to  only 
identify  a user. 

VIRUS  A program  or  set  of  instructions  written  by  malicious  programmers  intent 
on  destroying  information  and/or  overloading  system  operations  in  other 
computers.  A virus  can  enter  a system  surreptitiously  through  telephone  lines, 
enter  by  use  of  exchanged  memory  disks,  or  be  hidden  among  legitimate 
information. 

VULNERABILITY  A weakness  in  system  security  procedures,  hardware  design, 
internal  controls,  etc.,  that  could  be  exploited  to  gain  unauthorized  access  to 
classified  or  sensitive  information  or  disrupt  processing. 

ANNOTATED BIBLIOGRAPHY
FOR THE
DOE RISK ASSESSMENT GUIDELINE

The  following  bibliographic  section  was  compiled  to  provide  citations  and  brief 
annotations  of  articles  in  computer  security  and  risk  assessment  that  would  be 
useful  as  supplemental  resources  to  the  users  of  the  DOE  Risk  Assessment 
Guideline.  The  search  conducted  covered  the  last  5 years  (1983-1988)  with  the 
objective  of  providing  titles  of  relevant,  recent  publications  on  subjects  of 
interest  to  the  user  audience.  The  topical  areas  searched  are  listed  below. 

On  occasion,  a citation  of  interest  was  identified,  but  the  article  itself 
could  not  be  located  for  review  and  annotation.  However,  its  title  was  still 
included  in  the  bibliography  in  an  effort  to  provide  a comprehensive  listing 
of potentially useful articles. In addition, the titles of selected
security-related periodicals and source books are also listed, without specific
reference  to  an  individual  article,  in  order  to  identify  sources  of  general 
utility  in  conducting  future  risk  assessments. 

Editor’s  Note:  Bibliographic  entries  are  grouped  by  category  as  follows:  Risk 
Assessment:  General,  Risk  Assessment:  Computer  Based  Tools,  Threats  and 
Vulnerabilities,  Countermeasures:  Equipment/Technology,  Countermeasures: 
Procedures,  Networks,  Viruses  and  Other  Related  Threats,  Risk  Management, 
Certification  and  Accreditation,  Other  U.S.  Government  Computer  Security 
Publications. 